winitr32.exe - Dangerous
Manual removal instructions:
Antivirus Report of winitr32.exe:
W32/Forbot-C is a worm which attempts to spread to remote network shares.
The worm also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels.
It moves itself to the Windows system folder as winitr32.exe and creates the following registry entries to run itself on system logon:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Win32 Wmls Driver = winitr32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\Win32 Wmls Driver = winitr32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Win32 Wmls Driver = winitr32.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Win32 Wmls Driver = winitr32.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\Win32 Wmls Driver = winitr32.exe
The worm attempts to spread to network machines using various exploits, including the LSASS vulnerability.
It also attempts to terminate several processes related to anti-virus and other security software.
Remove it from startup with RegRun Startup Optimizer.
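The following read-only check for the autostart values and the dropped file described above is an added example, not part of the original report or of RegRun. The function name `Find-ForbotPersistence` is hypothetical, and the `Wow6432Node` and `SysWOW64` locations are assumptions added for 64-bit Windows, where a 32-bit process is redirected to them; `Get-FileHash` requires PowerShell 4 or later.

```powershell
# Added example: read-only check for the W32/Forbot-C autostart entries listed above.
$ValueName = 'Win32 Wmls Driver'   # registry value name from the report
$FileName  = 'winitr32.exe'        # file name from the report

# The five autostart keys named in the report.
$RunKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Assumption (not in the report): on 64-bit Windows a 32-bit process writing to
# HKLM\Software is redirected to Wow6432Node, so that view is checked as well.
$RunKeys += $RunKeys | Where-Object { $_ -like 'HKLM:*' } |
    ForEach-Object { $_.Replace('HKLM:\Software\', 'HKLM:\Software\Wow6432Node\') }

function Find-ForbotPersistence {
    foreach ($key in $RunKeys) {
        # Not every key exists on every system; skip the missing ones.
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $regKey = Get-Item -LiteralPath $key
        foreach ($name in $regKey.GetValueNames()) {
            $data = [string]$regKey.GetValue($name)
            # Match on the value name or on any value whose data launches the file.
            if ($name -eq $ValueName -or $data -like "*$FileName*") {
                [pscustomobject]@{ Kind = 'RegistryValue'; Location = $key; Name = $name; Data = $data }
            }
        }
    }
    # The report says the worm moves itself to the Windows system folder.
    # SysWOW64 is an assumption for 32-bit code running on 64-bit Windows.
    foreach ($dir in 'System32', 'SysWOW64') {
        $path = Join-Path (Join-Path $env:windir $dir) $FileName
        if (Test-Path -LiteralPath $path) {
            # Record a hash so the file can be compared against an AV vendor's sample data.
            $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            [pscustomobject]@{ Kind = 'File'; Location = $path; Name = $FileName; Data = "SHA256=$hash" }
        }
    }
}

$findings = @(Find-ForbotPersistence)
if ($findings.Count -eq 0) {
    'No W32/Forbot-C autostart entries or winitr32.exe copy found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

The HKCU keys are per user, so the check covers only the account it runs under; it changes nothing on the system.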
winitr32.exe | Malware |
winitr32.exe | Dangerous |
winitr32.exe | High Risk |
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.
Since that time I have worked every day to fix the issues that antiviruses cannot.
If your antivirus has not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.