386.exe - Dangerous
386.exe
Manual removal instructions:
Antivirus Report of 386.exe:
386.exe
W32.IRCBot.D is a backdoor trojan horse that connects to a remote IRC server and awaits commands from the attacker.
Attempts to steal license keys for various games.
Allows unauthorized remote access to an infected computer.
Attempts to remove the following shares on the local drive: c$; d$; IPC$; admin$
Attempts to connect to the IRC server metal.electrogiant.com on TCP port 5599.
Joins a predefined channel, using a random username, and waits for commands from the IRC server.
These commands can allow the attacker to:
- Managing installation of back door.
- Transmitting the back door to designated IRC channels.
- Downloading and executing arbitrary files.
- Performing DoS attacks against attacker specified targets.
- Send out private information.
- Terminating arbitrary processes.
- Visiting websites.
- Start socks proxy service.
- Copying itself to shared folders on other machines.
- Steal license keys for different games
Manual removal:
Navigate to each of these keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
From each key that is found, delete the value: "Win32 USB2.0 Driver" = "386.exe"
| 386.exe | Malware |
| 386.exe | Dangerous |
| 386.exe | High Risk |
Attempts to steal license keys for various games.
Allows unauthorized remote access to an infected computer.
Attempts to remove the following shares on the local drive: c$; d$; IPC$; admin$
Attempts to connect to the IRC server metal.electrogiant.com on TCP port 5599.
Joins a predefined channel, using a random username, and waits for commands from the IRC server.
These commands can allow the attacker to:
- Managing installation of back door.
- Transmitting the back door to designated IRC channels.
- Downloading and executing arbitrary files.
- Performing DoS attacks against attacker specified targets.
- Send out private information.
- Terminating arbitrary processes.
- Visiting websites.
- Start socks proxy service.
- Copying itself to shared folders on other machines.
- Steal license keys for different games
Manual removal:
Navigate to each of these keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
From each key that is found, delete the value: "Win32 USB2.0 Driver" = "386.exe"
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.