poet.exe - Dangerous


Manual removal instructions:

Antivirus Report of poet.exe:
poet.exe Malware
poet.exeHigh Risk
W32.Doep.A is a worm that spreads through file-sharing networks, such as Kazaa, eMule, eDonkey2000, Lphant, and Overnet.

Creates the following files:

Adds the value: "Poet" = "%Windir%\System32\Inf\Poet.exe"
to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Attempts to create copies of itself in the %Windir%\System32\Inf folder using different file names.
The file extension will be an .exe, .avi, or a .zip archive that contains a file with one of the previous two extensions.

Creates the following files:
C:\Program Files\KaAaA\My shared folder\The White Stripes - IM INFECTED.mp3
C:\Documents and Settings\All Users\Start Menu\Programs\BrainwashBrainwashBrainwash45.exe

Modifies configuration files or registry keys of file-sharing programs, such as Kazaa, eMule, eDonkey2000, Lphant, and Overnet,
so the shared folder of the programs is %Windir%\System32\Inf.

It then attempts to delete samo registry entries in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Such as: avserve.exe; avserve2.exe; skynetave.exe; etc.

Manual removal:
Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the value: "Poet" = "%Windir%\System32\Inf\Poet.exe"

Remove poet.exe now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.

Since that time I work every day to fix the issues that antiviruses cannot.

If your antivirus have not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.


You can read UnHackMe testimonials here.