winkrnl386.exe - Dangerous
winkrnl386.exe
Manual removal instructions:
Antivirus Report of winkrnl386.exe:
winkrnl386.exe
Also Known as TrojanProxy.Win32.Zebroxy [KAV]
Backdoor.Zebroxy is a Trojan that opens port 8173 and runs as a proxy server under Windows 2000/XP.
When Backdoor.Zebroxy is run, it does the following:
1. Adds the string value:
"Microsoft Windows Kernel Services"="%System%\winkrnl386.exe"
to the registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
and:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
so that the Trojan runs when you start Windows.
2. Modifies the string value:
"EnableDCOM"="N"
to the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
to diseble remote connections using DCOM
3. Opens TCP port 8173 and runs as a proxy server.
Following the instructions to remove this trojan:
1. Restart the computer in Safe mode.
2. Open your antiviral application and run a full system scan and delete all the files detected as Backdoor.Zebroxy.
3. Deleting the value from the registry:
a. Select the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the value:
"Microsoft Windows Kernel Services"="%System%\winkrnl386.exe"
b. After that navigate to the key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the value:
"Microsoft Windows Kernel Services"="%System%\winkrnl386.exe"
c. And go to the key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
set the value for "EnableDCOM" to:
"EnableDCOM"="Y"
| winkrnl386.exe | Malware |
| winkrnl386.exe | Dangerous |
| winkrnl386.exe | High Risk |
Backdoor.Zebroxy is a Trojan that opens port 8173 and runs as a proxy server under Windows 2000/XP.
When Backdoor.Zebroxy is run, it does the following:
1. Adds the string value:
"Microsoft Windows Kernel Services"="%System%\winkrnl386.exe"
to the registry keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
and:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
so that the Trojan runs when you start Windows.
2. Modifies the string value:
"EnableDCOM"="N"
to the registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
to diseble remote connections using DCOM
3. Opens TCP port 8173 and runs as a proxy server.
Following the instructions to remove this trojan:
1. Restart the computer in Safe mode.
2. Open your antiviral application and run a full system scan and delete all the files detected as Backdoor.Zebroxy.
3. Deleting the value from the registry:
a. Select the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the value:
"Microsoft Windows Kernel Services"="%System%\winkrnl386.exe"
b. After that navigate to the key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the value:
"Microsoft Windows Kernel Services"="%System%\winkrnl386.exe"
c. And go to the key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole
set the value for "EnableDCOM" to:
"EnableDCOM"="Y"
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.