mswinsrv.exe - Dangerous
mswinsrv.exe
Manual removal instructions:
Antivirus Report of mswinsrv.exe:
mswinsrv.exe
Backdoor.Mtron is a backdoor Trojan that records financial activity and sends it to a remote attacker using IRC.
It also gives the attacker the ability to download and run files on the infected computer.
Copies itself as %System%\MSWinSrv.exe
Attempts to delete all .txt files in the %Cookies% folder.
Records activity in windows that are associated with financial institutions.
It searches for open windows that have any of the following strings in the title bar:
Netbenefits; Fidelity; e-gold; Citibank; Citi
Logs keystrokes in these windows, and sends the information to the attacker using IRC.
No physical log of this information is kept on the local system - meaning that no file is created which stores this data.
Manual removal:
Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the value: "MSWinSrv"="%system%\MSWinSrv.exe"
| mswinsrv.exe | Malware |
| mswinsrv.exe | Dangerous |
| mswinsrv.exe | High Risk |
It also gives the attacker the ability to download and run files on the infected computer.
Copies itself as %System%\MSWinSrv.exe
Attempts to delete all .txt files in the %Cookies% folder.
Records activity in windows that are associated with financial institutions.
It searches for open windows that have any of the following strings in the title bar:
Netbenefits; Fidelity; e-gold; Citibank; Citi
Logs keystrokes in these windows, and sends the information to the attacker using IRC.
No physical log of this information is kept on the local system - meaning that no file is created which stores this data.
Manual removal:
Navigate to the key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the value: "MSWinSrv"="%system%\MSWinSrv.exe"
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.