tiwi.exe - Dangerous
tiwi.exe
Jeff's Story:
My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could not detect, nor could fix.
I sought a solution on the Internet and discovered your product and tried out the trial.
You quickly found the rootkit and SAVED my PC!
I haven't had any problems since, and I'm extremely grateful.
Manual removal instructions:
W32.Rahiwi.A is a worm that spreads by copying itself to the root of all drives, including removable and shared drives.
Related files:
[DRIVE LETTER]:\Data_Rahasia Administrator.exe
[DRIVE LETTER]:\Tiwi_Cute.exe
[DRIVE LETTER]:\autorun.inf
[DRIVE LETTER]:\present.txt
C:\Documents and Settings\Administrator\Local Settings\Application Data\WINDOWS\cute.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\WINDOWS\imoet.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\WINDOWS\smss.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\WINDOWS\winlogon.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\smss.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\winlogon.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Empty.pif
C:\WINDOWS\system32\IExplorer.exe
C:\WINDOWS\system32\rpcss.dll
C:\WINDOWS\system32\shell.exe
C:\WINDOWS\system32\tiwi.scr
C:\WINDOWS\tiwi.exe
C:\tiwi.exe
Kill the process tiwi.exe and remove tiwi.exe from Windows startup.