winsys.exe - Dangerous
%windir%\winsys.exe
Manual removal instructions:
Antivirus Report of %windir%\winsys.exe:
%windir%\winsys.exe
I-Worm.Naver
This is email worm spreading by affecting MS Outlook.
When the worm is run it displays the dialog box with "OK" and "Cancel" buttons, allows users to upgrade for Microsoft Windows 9x/Me/NT/2000 to solve some protocol TCP/IP problems and for SSL
(Secure Sockets Layer) secure system exploration.
Then, as well as on "Cancel" or "OK" click, the worm installs itself to the system.
The worm also creates additional registry key that indacates that the system is already infected:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion WLKey = 1
The worm also creates NAVER.TXT file in Windows system directory and writes to there a text that is then used in infected messages body.
The worm then connects to MS Outlook address book, get email addresses from there and sends itself attached to these emails.
Manual removal:
Please, go to the key in the system registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
and delete the value: WLWin = %windir%\WINSYS.EXE
%windir%\winsys.exe | Malware |
%windir%\winsys.exe | Dangerous |
%windir%\winsys.exe | High Risk |
This is email worm spreading by affecting MS Outlook.
When the worm is run it displays the dialog box with "OK" and "Cancel" buttons, allows users to upgrade for Microsoft Windows 9x/Me/NT/2000 to solve some protocol TCP/IP problems and for SSL
(Secure Sockets Layer) secure system exploration.
Then, as well as on "Cancel" or "OK" click, the worm installs itself to the system.
The worm also creates additional registry key that indacates that the system is already infected:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion WLKey = 1
The worm also creates NAVER.TXT file in Windows system directory and writes to there a text that is then used in infected messages body.
The worm then connects to MS Outlook address book, get email addresses from there and sends itself attached to these emails.
Manual removal:
Please, go to the key in the system registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
and delete the value: WLWin = %windir%\WINSYS.EXE
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.