wincalc.exe - Dangerous
wincalc.exe
Manual removal instructions:
Antivirus Report of wincalc.exe:
wincalc.exe
Backdoor.Paproxy is a Backdoor Trojan horse that allows the infected computer to be used as a network proxy.
Opens a backdoor onto the computer.
Copies itself to %System%\Wincalc.exe.
Attempts to connect to http:/ /www.yahoo.com on port 80 using a POST method.
Attempts to connect to smtp.westcowboy.com on port 80.
Manual removal:
Navigate to the keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunService
and delete the value: "LogService"="%System%\Wincalc.exe"
Navigate to the key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
and delete the values:
"ProxyServer" = ";"
"ProxyEnable" = "1"
Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
and change the value: "Shell"="Explorer.exe %System%\Wincalc.exe"
to "Shell"="Explorer.exe"
| wincalc.exe | Malware |
| wincalc.exe | Dangerous |
| wincalc.exe | High Risk |
Opens a backdoor onto the computer.
Copies itself to %System%\Wincalc.exe.
Attempts to connect to http:/ /www.yahoo.com on port 80 using a POST method.
Attempts to connect to smtp.westcowboy.com on port 80.
Manual removal:
Navigate to the keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunService
and delete the value: "LogService"="%System%\Wincalc.exe"
Navigate to the key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
and delete the values:
"ProxyServer" = ";"
"ProxyEnable" = "1"
Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
and change the value: "Shell"="Explorer.exe %System%\Wincalc.exe"
to "Shell"="Explorer.exe"
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.