winsys.exe - Dangerous

%windir%\winsys.exe

Jeff's Story:

My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could not detect, nor could fix.

I sought a solution on the Internet and discovered your product and tried out the trial.

You quickly found the rootkit and SAVED my PC!

I haven't had any problems since, and I'm extremely grateful.

Manual removal instructions:

%windir%\winsys.exe
I-Worm.Naver
This is an email worm that spreads through MS Outlook.
When the worm is run, it displays a dialog box with "OK" and "Cancel" buttons that offers users an upgrade for Microsoft Windows 9x/Me/NT/2000 to solve some TCP/IP protocol problems and for SSL (Secure Sockets Layer) secure system exploration.
Whether the user clicks "OK" or "Cancel", the worm then installs itself to the system.
The worm also creates an additional registry key that indicates that the system is already infected:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion WLKey = 1
The worm also creates a NAVER.TXT file in the Windows system directory and writes text to it that is then used in the body of infected messages.
The worm then connects to the MS Outlook address book, gets email addresses from it, and sends itself as an attachment to those addresses.

Manual removal:
Go to the following key in the system registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
and delete the value: WLWin = %windir%\WINSYS.EXE
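
The indicators described above can be checked in one pass with PowerShell. This is an added example, not part of the original page: the `-Remove` switch and the `Get-RegValue` helper are hypothetical names, and it assumes "Windows system directory" means `System32` (NT family) or `System` (9x/Me).

```powershell
# Added example, not from the original page: look for the I-Worm.Naver
# indicators listed above and, with -Remove, delete the Run value.
# Run from an elevated PowerShell session.
param([switch]$Remove)

$cvKey  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion'
$runKey = "$cvKey\Run"

# Hypothetical helper: read one registry value.
# Returns $null when the key or the value is absent.
function Get-RegValue([string]$Key, [string]$Name) {
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$wlWin = Get-RegValue $runKey 'WLWin'   # autostart entry
$wlKey = Get-RegValue $cvKey  'WLKey'   # infection marker
$exe   = Join-Path $env:windir 'winsys.exe'

# Assumption: the system directory is System32 (NT family) or System (9x/Me).
$naver = 'System32', 'System' |
    ForEach-Object { Join-Path $env:windir "$_\NAVER.TXT" } |
    Where-Object { Test-Path -LiteralPath $_ }

$report = @(
    [pscustomobject]@{ Indicator = 'Run\WLWin value'
                       Found = ($null -ne $wlWin); Detail = $wlWin }
    [pscustomobject]@{ Indicator = 'WLKey marker value'
                       Found = ($null -ne $wlKey); Detail = $wlKey }
    [pscustomobject]@{ Indicator = 'winsys.exe'
                       Found = (Test-Path -LiteralPath $exe); Detail = $exe }
    [pscustomobject]@{ Indicator = 'NAVER.TXT'
                       Found = [bool]$naver; Detail = ($naver -join '; ') }
)
$report | Format-Table -AutoSize

# The manual removal step above covers only the Run value,
# so that is the only thing deleted here.
if ($Remove -and $null -ne $wlWin) {
    Remove-ItemProperty -Path $runKey -Name 'WLWin'
    Write-Host "Deleted WLWin from $runKey"
}
```

Run it without arguments first to review the report; the file and marker findings are reported only and are left in place.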
