win32exec.exe - Dangerous
Manual removal instructions:
It is a worm that may be able to propagate through file-share networks.
It is produced by a constructor kit and can inject itself into other processes.
Performs some of the following actions:
- Inject entries into either the Notepad or Microsoft Internet Explorer processes.
- Download and execute a file if it detects a webcam.
- Notify an attacker of its existence through a Web portal at the domain icq.com.
- Delete the original file that was executed.
- Be configured to only execute on a certain date.
Manual removal:
Navigate to the key: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
and delete the value: "load" = "%Windir%\win32exec.exe"
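
The manual removal step above as a script, for checking the value before deleting it. This is an added example, not part of the original page; it assumes it is run as a script in the affected user's PowerShell session, and the backup file name is a placeholder chosen here.

```powershell
# Added example: audit and clean the per-user "load" autostart value.
# Run with -WhatIf first to see what would be removed.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # File name from the page; matched case-insensitively anywhere in the value.
    [string]$FileName = 'win32exec.exe'
)

$key = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'

$item = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
if (-not $item) {
    Write-Output "Key not present: $key"
    return
}

# Read the raw string without expanding %Windir%, so it is shown as stored.
$load = $item.GetValue('load', $null, 'DoNotExpandEnvironmentNames')
if ([string]::IsNullOrWhiteSpace($load)) {
    Write-Output 'No "load" value is set for this user.'
    return
}
Write-Output "load = $load"

# Only touch the value when it references the file named on the page.
if ($load -notmatch [regex]::Escape($FileName)) {
    Write-Output "Value does not reference $FileName; leaving it untouched."
    return
}

# Export the key before changing it (backup location is an assumption).
$backup = Join-Path $env:TEMP 'hkcu-windows-key-backup.reg'
& reg.exe export 'HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows' $backup /y | Out-Null
Write-Output "Key exported to $backup"

if ($PSCmdlet.ShouldProcess("$key\load", 'Remove registry value')) {
    Remove-ItemProperty -LiteralPath $key -Name 'load'
    Write-Output 'Removed the "load" value.'
}

# Report whether the referenced file is still on disk, with its hash for triage.
$path = [Environment]::ExpandEnvironmentVariables($load).Trim('"')
if (Test-Path -LiteralPath $path -PathType Leaf) {
    Get-FileHash -LiteralPath $path -Algorithm SHA256
}
```

The script deletes the whole `load` value, as the page instructs; if the printed value lists other programs as well, restore those from the exported `.reg` file afterwards.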