uwyrl.exe - Dangerous

%sysdir%\uwyrl.exe

Jeff's Story:

My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could not detect, nor could fix.

I sought a solution on the Internet and discovered your product and tried out the trial.

You quickly found the rootkit and SAVED my PC!

I haven't had any problems since, and I'm extremely grateful.

Free Download

Manual removal instructions:

%sysdir%\uwyrl.exe
Trojan.Phel.A is a Trojan horse program, which is distributed as an .html file, and attempts to exploit the Microsoft Internet Explorer HTML Help Control Local Zone Security Restriction Bypass Vulnerability (as described in Microsoft Security Bulletin MS05-001).
Creates the following files:
* %System%\uwyrl.exe
* %System%\uwyrl.dll
Adds to Windows startup.
Downloads data from the searchproject.net domain, using an ADODB object, and saves the data as My.hta in the following folders:
* C:\Documents and Settings\All Users\Start Menu\Programs\Startup
* C:\Documents and Settings\All Users\Menu Inicio\Programas\Inicio
* C:\Documents and Settings\All Users\Menu Demarrer\Programmes\Demarrage
* C:\Documents and Settings\All Users\Menuen Start\Programmer\Start
* C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten
* C:\Documents and Settings\All Users\Menu Start\Programy\Autostart
* C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
* C:\Documents and Settings\All Users\Kaynnista-valikko\Ohjelmat\Kaynnistys
* C:\Documents and Settings\All Users\Start Menu\Programlar\BASLANGIC
* C:\Documents and Settings\All Users\Start-meny\Programmer\Oppstart
* C:\Documents and Settings\All Users\Start-menyn\Program\Autostart
* C:\Documents and Settings\All Users\Menu Iniciar\Programas\Iniciar
* C:\Dokumente und Einstellungen\All Users\Startmenu\Programme\Autostart

Remove uwyrl.exe now!