msrege.exe - Dangerous
Antivirus Report of msrege.exe:
Backdoor.Zinx is a backdoor Trojan horse that allows a hacker to use your computer as a proxy and steals information.
By default it opens ports 14728 and 24759.
The Trojan is launched using an .html file that contains malicious Visual Basic Script (VBS) code.
When the .html file is opened, it does the following:
Drops the q.vbs file and executes it. The file does the following:
Drops x.exe and executes it, which terminates security programs.
Downloads q.exe from a predetermined Web site and executes it.
Drops and executes the following files:
%Windir%\5845.exe
%Windir%\msreg.exe
%System%\svchostc.exe
%System%\svchosts.exe
Downloads configuration information from predetermined Web sites, and then runs svchostc.exe and svchosts.exe with these configurations.
Connects to a predetermined SMTP server and sends an email message to a certain email address.
The message contains the following information:
- Operating system version
- Registered user name
- Organization name
- AIM user accounts
- ICQ accounts
- Trillian accounts
- Ghisler Windows Commander and Total Commander information
- SMTP and POP email accounts and passwords
Automatic removal:
Use RegRun Startup Optimizer.
Then navigate to the %System% folder and delete the svchosts.exe and svchostc.exe files.
msrege.exe is classified as: Malware, Dangerous, High Risk.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.
Since that time I have worked every day to fix the issues that antiviruses cannot.
If your antivirus has not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.