mswinsrv.exe - Dangerous

Jeff's Story:

My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could neither detect nor fix.

I sought a solution on the Internet and discovered your product and tried out the trial.

You quickly found the rootkit and SAVED my PC!

I haven't had any problems since, and I'm extremely grateful.

Manual removal instructions:

mswinsrv.exe
Backdoor.Mtron is a backdoor Trojan that records financial activity and sends it to a remote attacker over IRC.
It also lets the attacker download and run files on the infected computer.

Copies itself as %System%\MSWinSrv.exe
Attempts to delete all .txt files in the %Cookies% folder.

Records activity in windows associated with financial institutions.
It searches for open windows whose title bar contains any of the following strings:
Netbenefits; Fidelity; e-gold; Citibank; Citi
It logs keystrokes typed in these windows and sends them to the attacker over IRC.
No log of this information is kept on the local system: no file is created to store the data.

Manual removal:
Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the value: "MSWinSrv"="%system%\MSWinSrv.exe"
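
Before deleting the value, it helps to record what is actually present on the host. The PowerShell audit below is an added example, not part of the original page or the vendor's tooling: it looks for the Run value and the dropped file named above, and goes beyond the page by also checking the 32-bit registry and system-directory views that a 32-bit program is redirected to on 64-bit Windows. The `-Remove` switch and all variable names are assumptions of this example.

```powershell
# Added example: audit a host for the Backdoor.Mtron artifacts named on this page.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove   # hypothetical switch: delete the Run value when it is found
)

$valueName = 'MSWinSrv'       # Run value name, from the page
$fileName  = 'MSWinSrv.exe'   # dropped file name, from the page

# Run key from the page, plus the WOW6432Node view (assumption: 64-bit Windows,
# where writes by 32-bit processes are redirected).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# %System% from the page, plus SysWOW64 for the same reason.
$sysDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')
)

$findings = @()

foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $prop = Get-ItemProperty -LiteralPath $key -Name $valueName -ErrorAction SilentlyContinue
    if ($null -eq $prop) { continue }
    $findings += [pscustomobject]@{ Type = 'RunValue'; Location = $key; Detail = $prop.$valueName }
    # Only the registry value is removed, matching the manual step on the page.
    if ($Remove -and $PSCmdlet.ShouldProcess("$key\$valueName", 'Delete Run value')) {
        Remove-ItemProperty -LiteralPath $key -Name $valueName
    }
}

foreach ($dir in $sysDirs) {
    $path = Join-Path $dir $fileName
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        # Hash the file so it can be compared against vendor or sandbox reports.
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{ Type = 'File'; Location = $path; Detail = "SHA256 $hash" }
    }
}

# A copy that is still running keeps its IRC channel open until the process ends.
foreach ($p in @(Get-Process -Name 'MSWinSrv' -ErrorAction SilentlyContinue)) {
    $findings += [pscustomobject]@{ Type = 'Process'; Location = "PID $($p.Id)"; Detail = $p.Path }
}

if ($findings.Count -eq 0) { 'No MSWinSrv artifacts found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

Run it from an elevated prompt; `-Remove -WhatIf` lists the value that would be deleted without changing the registry.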