usrinit.exe - Dangerous
usrinit.exe
Manual removal instructions:
Antivirus Report of usrinit.exe:
usrinit.exe
W32.Maddis.B is a network-share worm.
The worm opens several ports on an infected computer.
It also operates as a proxy and possibly a spam relay.
Copies itself to %System%\IUsrinit.exe
Creates the file, %Windir%\Temp\Helper.dll.
%Windir% is a variable. The worm locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location.
Attempts to create the service, "Windows Update," so that the worm is executed any time the process is stopped.
Attempts to inject Helper.dll into various Windows System processes to avoid alerting firewall applications when it accesses the Internet. It also hooks various System APIs.
Attempts to contact the following Web sites, notify them of the attack, and then send them system information:
www.proxylist.ru/control/21/
www.proxylist.com.ua/control/21/
www.proxylist.com.ru/control/21/
www.proxylist.biz/control/21/
66.98.173.166/control/21/
Scans the Local Area Network using NetBIOS.
Attempts to copy itself to any open shares that it finds.
Open several randomly selected high ports. Then, it operates as a proxy for various protocols, including HTTP and SOCKS.
usrinit.exe | Malware |
usrinit.exe | Dangerous |
usrinit.exe | High Risk |
The worm opens several ports on an infected computer.
It also operates as a proxy and possibly a spam relay.
Copies itself to %System%\IUsrinit.exe
Creates the file, %Windir%\Temp\Helper.dll.
%Windir% is a variable. The worm locates the Windows installation folder (by default, this is C:\Windows or C:\Winnt) and copies itself to that location.
Attempts to create the service, "Windows Update," so that the worm is executed any time the process is stopped.
Attempts to inject Helper.dll into various Windows System processes to avoid alerting firewall applications when it accesses the Internet. It also hooks various System APIs.
Attempts to contact the following Web sites, notify them of the attack, and then send them system information:
www.proxylist.ru/control/21/
www.proxylist.com.ua/control/21/
www.proxylist.com.ru/control/21/
www.proxylist.biz/control/21/
66.98.173.166/control/21/
Scans the Local Area Network using NetBIOS.
Attempts to copy itself to any open shares that it finds.
Open several randomly selected high ports. Then, it operates as a proxy for various protocols, including HTTP and SOCKS.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.