winuser32.exe - Dangerous
winuser32.exe
Manual removal instructions:
Antivirus Report of winuser32.exe:
winuser32.exe
W32/Sdbot-KF
Aliases: Backdoor.Spyboter.gen, W32/Spybot.worm.gen.a, Win32/Spyboter.M
It is a worm which attempts to spread to remote network shares.
It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels.
Copies itself to the Windows system folder as WINUSER32.EXE
Creates entries in the registry at the following locations so as to run itself on system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Attempts to terminate some processes relating to antivirus and security programs including REGEDIT.EXE, PING.EXE and NETSTAT.EXE.
Attempts to set the following registry entry to prevent access to some registry tools:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ DisableRegistryTools = 1
Spreads to network shares with weak passwords and via network security exploits as a result of the backdoor Trojan element receiving the appropriate command from a remote user, copying itself to NTLORD.EXE on the local computer at the same time.
W32/Sdbot-KF may log user keystrokes to a file called KEYLOG.TXT and network information to a file called SCANZ.TXT.
You can automatical remove it from startup with RegRun Startup Optimizer.
| winuser32.exe | Malware |
| winuser32.exe | Dangerous |
| winuser32.exe | High Risk |
Aliases: Backdoor.Spyboter.gen, W32/Spybot.worm.gen.a, Win32/Spyboter.M
It is a worm which attempts to spread to remote network shares.
It also contains backdoor Trojan functionality, allowing unauthorised remote access to the infected computer via IRC channels.
Copies itself to the Windows system folder as WINUSER32.EXE
Creates entries in the registry at the following locations so as to run itself on system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
Attempts to terminate some processes relating to antivirus and security programs including REGEDIT.EXE, PING.EXE and NETSTAT.EXE.
Attempts to set the following registry entry to prevent access to some registry tools:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System\ DisableRegistryTools = 1
Spreads to network shares with weak passwords and via network security exploits as a result of the backdoor Trojan element receiving the appropriate command from a remote user, copying itself to NTLORD.EXE on the local computer at the same time.
W32/Sdbot-KF may log user keystrokes to a file called KEYLOG.TXT and network information to a file called SCANZ.TXT.
You can automatical remove it from startup with RegRun Startup Optimizer.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.