winz32.exe - Dangerous
Antivirus Report of winz32.exe:
winz32.exe is added as a result of the SDBOT.Q virus.
It is a backdoor Trojan horse that can be controlled through an IRC server.
When Backdoor.SDBot.Q is executed, it attempts to perform the following actions:
Creates a copy of itself as %SYSTEM%\winz32.exe.
It also adds the value:
"INTERNET_SERVISES" = "winz32.exe"
to the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Connects to the IRC server, greenz.dyn.nu, joins a predefined channel, and waits for commands from the hacker.
The commands include, but are not limited to, the following:
- Manage the backdoor.
- Control the IRC client on an infected computer.
- Open and close the CD-ROM drive.
- Add files to the KaZaA, Grokster, and Bearshare shared folders. The backdoor contains a large list of file names, which it attempts to use.
- Download and execute files.
- Start or terminate processes.
And others.
Manual removal:
Navigate to the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
In the right pane, delete the value:
"INTERNET_SERVISES"="winz32.exe"
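The same check and removal from an elevated PowerShell session, as an added example that is not part of the original page or of RegRun. The function name Test-Winz32Persistence is hypothetical, and the extra look at the 32-bit registry view (WOW6432Node) and the 32-bit system directory goes beyond what the page describes, on the assumption that the sample may run as a 32-bit process on 64-bit Windows.

```powershell
# Added example: audit, and optionally remove, the Run value described above.
# Value name, data and file name come from the page; everything else is illustrative.
function Test-Winz32Persistence {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([switch]$Remove)

    $valueName = 'INTERNET_SERVISES'
    $fileName  = 'winz32.exe'
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        # Assumption: 32-bit registry view on 64-bit Windows (not mentioned on the page)
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    )
    # %SYSTEM% on the page is the Windows system directory; also check the 32-bit one
    $sysDirs = @([Environment]::SystemDirectory,
                 [Environment]::GetFolderPath('SystemX86')) | Select-Object -Unique

    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $data = (Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue).$valueName
        $matches = ($null -ne $data) -and ($data -like "*$fileName*")
        $removed = $false
        # Only delete when the data really points at winz32.exe
        if ($Remove -and $matches -and
            $PSCmdlet.ShouldProcess("$key\$valueName", 'Remove Run value')) {
            Remove-ItemProperty -Path $key -Name $valueName -ErrorAction Stop
            $removed = $true
        }
        [pscustomobject]@{
            Artifact = "$key\$valueName"; Present = $null -ne $data
            Data = $data; MatchesPage = $matches; Removed = $removed
        }
    }
    foreach ($dir in $sysDirs) {
        $path = Join-Path $dir $fileName
        # The dropped copy is reported only, never deleted by this function
        [pscustomobject]@{
            Artifact = $path; Present = Test-Path -LiteralPath $path
            Data = $null; MatchesPage = $null; Removed = $false
        }
    }
}

Test-Winz32Persistence | Format-Table -AutoSize    # report only
# Test-Winz32Persistence -Remove -WhatIf           # preview the deletion
# Test-Winz32Persistence -Remove                   # delete the Run value
```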
Automatic removal:
Use RegRun Startup Optimizer to remove it from startup.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antiviruses did not fix: detecting rootkits.
Since that time I have worked every day to fix the issues that antiviruses cannot.
If your antivirus has not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.