winhlp.exe - Dangerous
%windir%\winhlp.exe
Manual removal instructions:
Adds the value:
"winhlp.exe" = "%Windir%\winhlp.exe"
to Windows startup registry keys.
Adds a unique ID for the infected machine:
"UserData\UID" = "[generated ID]"
to the registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
Steals passwords.
Sends the gathered information back to a remote Web site.
Downloads and executes remote files.
Kill it using RegRun Startup Optimizer.
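
A read-only check for the registry values and file listed above, as an added example that is not part of the original entry or of RegRun. It assumes the "startup registry keys" are the standard Run keys and checks two readings of "UserData\UID", since the entry does not say which applies.

```powershell
# Added example: read-only check for the indicators this entry lists.
# Assumption: "Windows startup registry keys" means the standard Run keys.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',  # 32-bit view
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
$findings = @()

foreach ($path in $runKeys) {
    if (-not (Test-Path -Path $path)) { continue }
    $key = Get-Item -Path $path
    foreach ($name in $key.GetValueNames()) {
        $data = [string]$key.GetValue($name)
        # Pattern requires "\winhlp.exe", so the legitimate winhlp32.exe does not match.
        if ($name -ieq 'winhlp.exe' -or $data -match '\\winhlp\.exe') {
            $findings += [pscustomobject]@{
                Indicator = 'Startup value'; Location = $path; Detail = "$name = $data"
            }
        }
    }
}

# The file the startup value points to.
$file = Join-Path -Path $env:windir -ChildPath 'winhlp.exe'
if (Test-Path -LiteralPath $file) {
    $findings += [pscustomobject]@{ Indicator = 'File'; Location = $file; Detail = 'present' }
}

# Machine ID. Assumption: the entry's "UserData\UID" is either a value UID in a
# UserData subkey, or a value literally named "UserData\UID"; both are checked.
$base = 'HKLM:\SOFTWARE\Microsoft'
$candidates = @(
    @{ Path = "$base\UserData"; Name = 'UID' },
    @{ Path = $base;            Name = 'UserData\UID' }
)
foreach ($c in $candidates) {
    if (-not (Test-Path -Path $c.Path)) { continue }
    $uid = (Get-Item -Path $c.Path).GetValue($c.Name)
    if ($null -ne $uid) {
        $findings += [pscustomobject]@{
            Indicator = 'Machine ID'; Location = $c.Path; Detail = "$($c.Name) = $uid"
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize -Wrap } else { 'No listed indicators found.' }
```

The script changes nothing on the machine; a UserData hit on its own is a weak signal and matters mainly alongside the startup value or the file.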