win32config.exe - Dangerous
win32config.exe
Manual removal instructions:
Antivirus Report of win32config.exe:
win32config.exe
W32.Paps.A@mm is a mass-mailing worm that sends itself as an attachment to the email addresses that it finds on your computer.
The email will have a variable subject and file attachment.
The attachment will have a .exe file extension:
- Pics.JPG.exe
- MailMessage.Msg.exe
- Filesharing_details.DOC.exe
- Trojan_removal_tool.exe
- Report.DOC.exe
- Documents.DOC.exe
- Removal_tool.exe
Creates the following files: %Windir%\Win32config.exe; %Windir%\Win32apps3.txt; %Windir%\Kernel32.dll; %Windir%\Ntbtlog.txt; iphist.dat.
This file is created in the same folder as the original worm file.
Adds the value: "Win32Config" = "%Windir%\win32config.exe"
in the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Scans the following file types on all the local drives for email addresses: .doc; .txt; .wab; .rtf; .htm; .html; .dbx; .xml; .msg; .php; .cgi; .pst; .nk2
Attempts to access the following Web sites:
http: //www.google.de
http: //www.hausaufgaben.de
http: //www.referate.de
http: //www.eselfilme.com
Attempts to access http: //www.whatismyip.com to get the IP address of the local system.
Automatic removal:
Use RegRun Startup Optimizer to remove this worm.
| win32config.exe | Malware |
| win32config.exe | Dangerous |
| win32config.exe | High Risk |
The email will have a variable subject and file attachment.
The attachment will have a .exe file extension:
- Pics.JPG.exe
- MailMessage.Msg.exe
- Filesharing_details.DOC.exe
- Trojan_removal_tool.exe
- Report.DOC.exe
- Documents.DOC.exe
- Removal_tool.exe
Creates the following files: %Windir%\Win32config.exe; %Windir%\Win32apps3.txt; %Windir%\Kernel32.dll; %Windir%\Ntbtlog.txt; iphist.dat.
This file is created in the same folder as the original worm file.
Adds the value: "Win32Config" = "%Windir%\win32config.exe"
in the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Scans the following file types on all the local drives for email addresses: .doc; .txt; .wab; .rtf; .htm; .html; .dbx; .xml; .msg; .php; .cgi; .pst; .nk2
Attempts to access the following Web sites:
http: //www.google.de
http: //www.hausaufgaben.de
http: //www.referate.de
http: //www.eselfilme.com
Attempts to access http: //www.whatismyip.com to get the IP address of the local system.
Automatic removal:
Use RegRun Startup Optimizer to remove this worm.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.