win32config.exe - Dangerous
Manual removal instructions:
The worm arrives by email with a variable subject and attachment name.
The attachment has an .exe file extension:
- Pics.JPG.exe
- MailMessage.Msg.exe
- Filesharing_details.DOC.exe
- Trojan_removal_tool.exe
- Report.DOC.exe
- Documents.DOC.exe
- Removal_tool.exe
Creates the following files:
- %Windir%\Win32config.exe
- %Windir%\Win32apps3.txt
- %Windir%\Kernel32.dll
- %Windir%\Ntbtlog.txt
- iphist.dat (created in the same folder as the original worm file)
Adds the value "Win32Config" = "%Windir%\win32config.exe" to the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, so that the worm starts with Windows.
Scans the following file types on all the local drives for email addresses: .doc; .txt; .wab; .rtf; .htm; .html; .dbx; .xml; .msg; .php; .cgi; .pst; .nk2
Attempts to access the following Web sites:
http://www.google.de
http://www.hausaufgaben.de
http://www.referate.de
http://www.eselfilme.com
Attempts to access http://www.whatismyip.com to get the IP address of the local system.
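The file and registry artifacts listed above can be checked with a short read-only PowerShell script. This is an added example, not part of the original page or of RegRun; the `-DropFolder` parameter and the weak/strong weighting are assumptions of the example.

```powershell
# Added example: read-only check for the artifacts this page lists.
param([string]$DropFolder)   # hypothetical: folder the attachment was saved to

$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

# 'Weak' is this script's own weighting (an assumption): Windows boot logging
# also writes a file named Ntbtlog.txt to %Windir%, so that hit proves little.
$files = @(
    @{ Path = (Join-Path $env:windir 'Win32config.exe'); Weak = $false }
    @{ Path = (Join-Path $env:windir 'Win32apps3.txt');  Weak = $false }
    @{ Path = (Join-Path $env:windir 'Kernel32.dll');    Weak = $false }  # genuine copy is in System32
    @{ Path = (Join-Path $env:windir 'Ntbtlog.txt');     Weak = $true  }
)
# iphist.dat sits beside the original worm file, so it is only checked
# when the caller says where the attachment was saved.
if ($DropFolder) {
    $files += @{ Path = (Join-Path $DropFolder 'iphist.dat'); Weak = $false }
}

$findings = @(foreach ($f in $files) {
    if (Test-Path -LiteralPath $f.Path -PathType Leaf) {
        $i = Get-Item -LiteralPath $f.Path -Force   # -Force also returns hidden files
        [pscustomobject]@{
            Indicator = 'File'; Weak = $f.Weak; Location = $f.Path
            Detail    = "size=$($i.Length) modified=$($i.LastWriteTime)"
        }
    }
})

# Run value from the page: "Win32Config" = "%Windir%\win32config.exe".
# Any other Run value whose data points at win32config.exe is reported too.
$meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$run  = Get-ItemProperty -LiteralPath $runKey -ErrorAction SilentlyContinue
if ($run) {
    foreach ($p in $run.PSObject.Properties) {
        if ($meta -contains $p.Name) { continue }   # skip provider metadata
        if ($p.Name -eq 'Win32Config' -or "$($p.Value)" -match 'win32config\.exe') {
            $findings += [pscustomobject]@{
                Indicator = 'RunValue'; Weak = $false
                Location  = "$runKey\$($p.Name)"; Detail = "$($p.Value)"
            }
        }
    }
}

if ($findings.Count) { $findings | Format-Table -AutoSize -Wrap }
else { 'No listed artifacts found.' }
```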
Automatic removal:
Use RegRun Startup Optimizer to remove this worm.