msinfo.exe - Dangerous
Jeff's Story:
My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could neither detect nor fix.
I sought a solution on the Internet and discovered your product and tried out the trial.
You quickly found the rootkit and SAVED my PC!
I haven't had any problems since, and I'm extremely grateful.
Manual removal instructions:
When it is executed, it performs the following actions:
Creates different files in %System32%\Wbem\Mof\Good\System:
@ - clean text log file
conn.dll - clean IRC dll file
csrss.dll - malicious IRC script detected as IRC Trojan
and others.
Attempts to copy itself as the following files:
C:\wupd.exe
%System32%\msinfo.exe
Adds the values:
"MSInfo" = "msinfo.exe"
"MSUpdate" = "wupd.exe"
to the registry key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and "MSInfo" = "msinfo.exe" to
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Disables DCOM support by setting the value:
"EnableDCOM" = "N"
in the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\EnableDCOM
Allows a remote attacker to control the computer. The functions provided include:
Retrieving information about the computer.
Stopping and restarting the Trojan.
Downloading and running files.
Scanning hosts for vulnerabilities using Remacc.Dwremote.
Restore the EnableDCOM value to "Y" in the system registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE\EnableDCOM
And use RegRun Startup Optimizer to remove it from startup.
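A read-only check for the file and registry indicators listed above, as an added example that is not part of the original page or the vendor's tooling. It assumes %System32% means the Windows system directory, reads EnableDCOM as a value under the OLE key, inspects only the current user's HKCU hive, and changes nothing.

```powershell
# Added example: report which indicators from this page are present. Read-only.
$sys32 = [Environment]::SystemDirectory   # assumption: the page's %System32%
$findings = @()

# Files the page says the Trojan creates or copies itself to.
$paths = @(
    'C:\wupd.exe',
    (Join-Path $sys32 'msinfo.exe'),
    (Join-Path $sys32 'Wbem\Mof\Good\System\conn.dll'),
    (Join-Path $sys32 'Wbem\Mof\Good\System\csrss.dll')
)
foreach ($p in $paths) {
    if (Test-Path -LiteralPath $p) { $findings += "File present: $p" }
}

# Autostart values listed on the page (key, value name, expected data).
$run = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$runChecks = @(
    @{ Key = $run;              Name = 'MSInfo';   Data = 'msinfo.exe' },
    @{ Key = $run;              Name = 'MSUpdate'; Data = 'wupd.exe' },
    @{ Key = "${run}Services";  Name = 'MSInfo';   Data = 'msinfo.exe' }
)
foreach ($c in $runChecks) {
    $item = Get-ItemProperty -LiteralPath $c.Key -Name $c.Name -ErrorAction SilentlyContinue
    if ($item -and "$($item.($c.Name))" -like "*$($c.Data)*") {
        $findings += "Autostart value: $($c.Key) '$($c.Name)' = '$($item.($c.Name))'"
    }
}

# DCOM setting: the page says the Trojan sets EnableDCOM to "N".
$ole = Get-ItemProperty -LiteralPath 'HKLM:\Software\Microsoft\OLE' -Name 'EnableDCOM' -ErrorAction SilentlyContinue
if ($ole -and $ole.EnableDCOM -eq 'N') {
    $findings += 'EnableDCOM is "N" under HKLM:\Software\Microsoft\OLE'
}

if ($findings.Count -eq 0) { 'No indicators from this page found.' } else { $findings }
```

Run it once per user profile that logs on to the machine, since the Run and RunServices entries are per-user.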