msinfo.exe - Dangerous
Antivirus Report of msinfo.exe:
Backdoor.IRC.Aladinz.M is a backdoor Trojan horse that uses malicious scripts in the mIRC client software, allowing unauthorized remote access.
When it is executed, it performs the following actions:
Creates different files in %System32%\Wbem\Mof\Good\System:
@ - clean text log file
conn.dll - clean IRC dll file
csrss.dll - malicious IRC script detected as IRC Trojan
and others.
Attempts to copy itself as the following files:
C:\wupd.exe
%System32%\msinfo.exe
Adds the values:
"MSInfo" = "msinfo.exe"
"MSUpdate" = "wupd.exe"
to the registry key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and "MSInfo" = "msinfo.exe" to
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Disables DCOM support by setting the value:
"EnableDCOM" = "N"
in the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\EnableDCOM
Allows a remote attacker to control the computer. The functions provided include:
Retrieving information about the computer.
Stopping and restarting the Trojan.
Downloading and running files.
Scanning hosts for vulnerabilities using Remacc.Dwremote.
Manual removal: set the EnableDCOM value back to "Y" in the system registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\EnableDCOM
Then use RegRun Startup Optimizer to remove it from startup.
Verdict: msinfo.exe | Malware | Dangerous | High Risk
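A read-only audit for the indicators listed in this report, added here as an example (it is not RegRun's own tooling). It assumes %System32% resolves to the Windows system directory and only reports what it finds; it changes nothing.

```powershell
# Added example: read-only audit for the Backdoor.IRC.Aladinz.M indicators above.
# Not part of the original page; file and registry names are taken from the report.
$sys32 = [Environment]::GetFolderPath('System')   # resolves %System32%
$findings = @()

# 1. Dropped / copied files. The genuine Windows tool is msinfo32.exe,
#    so a file literally named msinfo.exe in System32 is not a Windows component.
$paths = @(
    'C:\wupd.exe',
    (Join-Path $sys32 'msinfo.exe'),
    (Join-Path $sys32 'Wbem\Mof\Good\System')
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "File/dir present: $p" }
}

# 2. Startup values the Trojan adds under HKCU (Run and RunServices).
$runKeys = @{
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'         = @('MSInfo', 'MSUpdate')
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices' = @('MSInfo')
}
foreach ($key in $runKeys.Keys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-ItemProperty -Path $key
    foreach ($name in $runKeys[$key]) {
        $val = $item.PSObject.Properties[$name]
        if ($val) { $findings += "Startup entry: $key\$name = $($val.Value)" }
    }
}

# 3. DCOM disabled. EnableDCOM is a value under the key HKLM\SOFTWARE\Microsoft\Ole
#    (the report writes key and value as one path); a healthy system holds "Y".
$ole = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole' -ErrorAction SilentlyContinue
if ($ole -and $ole.EnableDCOM -eq 'N') { $findings += 'EnableDCOM is "N" (DCOM disabled)' }

if ($findings.Count -eq 0) { 'No Aladinz.M indicators found.' } else { $findings }
```

Run it from an elevated PowerShell session so the HKLM read and the System32 checks are not blocked by access restrictions.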
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.
Since that time I have worked every day to fix the issues that antiviruses cannot.
If your antivirus has not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly if you have any questions.