poet.exe - Dangerous
poet.exe
Manual removal instructions:
Antivirus Report of poet.exe:
poet.exe
W32.Doep.A is a worm that spreads through file-sharing networks, such as Kazaa, eMule, eDonkey2000, Lphant, and Overnet.
Creates the following files:
%Windir%\System32\poet.log
%Windir%\System32\Inf\readme.txt
%Windir%\System32\Inf\poet.exe
Adds the value: "Poet" = "%Windir%\System32\Inf\Poet.exe"
to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Attempts to create copies of itself in the %Windir%\System32\Inf folder using different file names.
The file extension will be an .exe, .avi, or a .zip archive that contains a file with one of the previous two extensions.
Creates the following files:
C:\Program Files\KaAaA\My shared folder\The White Stripes - IM INFECTED.mp3
C:\Documents and Settings\All Users\Start Menu\Programs\BrainwashBrainwashBrainwash45.exe
Modifies configuration files or registry keys of file-sharing programs, such as Kazaa, eMule, eDonkey2000, Lphant, and Overnet,
so the shared folder of the programs is %Windir%\System32\Inf.
It then attempts to delete samo registry entries in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Such as: avserve.exe; avserve2.exe; skynetave.exe; etc.
Manual removal:
Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the value: "Poet" = "%Windir%\System32\Inf\Poet.exe"
| poet.exe | Malware |
| poet.exe | Dangerous |
| poet.exe | High Risk |
Creates the following files:
%Windir%\System32\poet.log
%Windir%\System32\Inf\readme.txt
%Windir%\System32\Inf\poet.exe
Adds the value: "Poet" = "%Windir%\System32\Inf\Poet.exe"
to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Attempts to create copies of itself in the %Windir%\System32\Inf folder using different file names.
The file extension will be an .exe, .avi, or a .zip archive that contains a file with one of the previous two extensions.
Creates the following files:
C:\Program Files\KaAaA\My shared folder\The White Stripes - IM INFECTED.mp3
C:\Documents and Settings\All Users\Start Menu\Programs\BrainwashBrainwashBrainwash45.exe
Modifies configuration files or registry keys of file-sharing programs, such as Kazaa, eMule, eDonkey2000, Lphant, and Overnet,
so the shared folder of the programs is %Windir%\System32\Inf.
It then attempts to delete samo registry entries in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
Such as: avserve.exe; avserve2.exe; skynetave.exe; etc.
Manual removal:
Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the value: "Poet" = "%Windir%\System32\Inf\Poet.exe"
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.