windns32.exe - Dangerous
windns32.exe
Jeff's Story:
My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could neither detect nor fix.
I sought a solution on the Internet and discovered your product and tried out the trial.
You quickly found the rootkit and SAVED my PC!
I haven't had any problems since, and I'm extremely grateful.
Manual removal instructions:
windns32.exe allows attackers to access an infected computer through IRC.
Also Known As: WORM_AGOBOT.WN, Backdoor.Agobot.li, W32/Gaobot.worm.gen.g
Copies itself as %System%\Windns32.exe.
Adds the value: "WinDNS" = "windns32.exe"
to the registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
Connects to an IRC server and listens for commands.
Allows an attacker to control an infected computer:
- Download and execute files
- Steal system information
- Steal CD keys for various video games
- Take screenshots
- Terminate processes
- Run a SOCKS server on a compromised system
Uses a list of user names and passwords.
Ends many processes associated with antivirus and firewall software.
Attempts to delete the files and registry values associated with other worms.
Use RegRun Startup Optimizer to remove it from startup.
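The startup value and file copy listed above can be checked with a read-only PowerShell script. This is an added example, not part of the original write-up or of RegRun; the function name Find-WinDnsIndicator is hypothetical, and the WOW6432Node and SysWOW64 locations are assumptions that cover 32-bit redirection on 64-bit Windows.

```powershell
# Added example: read-only check for the indicators listed on this page.
# The value name "WinDNS", the data "windns32.exe" and the Run/RunServices
# keys come from the page. The WOW6432Node and SysWOW64 locations are
# assumptions for 64-bit Windows. Nothing is modified or deleted.
function Find-WinDnsIndicator {
    $valueName = 'WinDNS'
    $fileName  = 'windns32.exe'
    $findings  = @()

    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunServices'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $regKey = Get-Item -LiteralPath $key
        foreach ($name in $regKey.GetValueNames()) {
            $data = [string]$regKey.GetValue($name)
            # Match on the value name or on data that launches the file,
            # so a renamed value pointing at the same binary is still reported.
            if ($name -eq $valueName -or $data -like "*$fileName*") {
                $findings += [pscustomobject]@{
                    Type = 'Registry'; Location = $key; Name = $name; Detail = $data
                }
            }
        }
    }

    # %System% on the page corresponds to the Windows system directory.
    foreach ($dir in 'System32', 'SysWOW64') {
        $path = Join-Path (Join-Path $env:SystemRoot $dir) $fileName
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $item = Get-Item -LiteralPath $path -Force   # -Force shows hidden files
            $findings += [pscustomobject]@{
                Type = 'File'; Location = $path; Name = $fileName
                Detail = '{0} bytes, modified {1:u}' -f $item.Length, $item.LastWriteTimeUtc
            }
        }
    }
    return $findings
}

$hits = Find-WinDnsIndicator
if ($hits) { $hits | Format-Table -AutoSize -Wrap }
else { 'No windns32.exe startup value or file copy found.' }
```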