winxp.exe - Dangerous

Manual removal instructions:

winxp.exe
I-Worm.Bagle.ai
Spreads via the Internet as an attachment to infected messages and also via P2P networks.
Searches disks for files with certain extensions and sends itself to all addresses harvested from these files.
The worm can send itself as a password protected ZIP archive. If it does this, the password will be shown in the message body. The password may be in text or graphical format.
Opens port 1080 and another port chosen at random. It then tracks port activity.
It is programmed to cease activity and self-destruct after 5th May 2006.
It tracks the execution of most well-known antivirus products and firewalls and terminates these processes.
The worm's body contains a list of URLs. It attempts to download from these sites. (At the moment of writing, none of the sites are functioning.)

Manual removal:
Navigate to the key:
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
and delete the value: "key"="%system%\winxp.exe"
Also delete the following files in the Windows system directory:
winxp.exeopen
winxp.exeopenopen
winxp.exeopenopenopen
winxp.exeopenopenopenopen
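
The manual steps above as an audit-first PowerShell script (an added example, not part of the original page). It only reports unless `-Remove` is passed; the SysWOW64 path and the port 1080 listener check are additions assumed here for 64-bit hosts and for Windows 8 or later.

```powershell
# Added example: audits the artifacts this page lists; deletes only with -Remove.
param([switch]$Remove)

$runKey = 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'   # current user only
$names  = 'winxp.exeopen', 'winxp.exeopenopen',
          'winxp.exeopenopenopen', 'winxp.exeopenopenopenopen'

# The page's %system% directory. SysWOW64 is an assumption added here: on 64-bit
# Windows, writes by a 32-bit process to the system directory land there.
$dirs = @([Environment]::SystemDirectory, (Join-Path $env:windir 'SysWOW64')) |
    Where-Object { Test-Path -LiteralPath $_ } | Select-Object -Unique

# 1. Run values whose data points at ...\winxp.exe (the page names the value "key").
$key = Get-Item -Path $runKey -ErrorAction SilentlyContinue
$runHits = @()
if ($key) {
    $runHits = @($key.GetValueNames() |
        Where-Object { "$($key.GetValue($_))" -match '\\winxp\.exe\b' })
}

# 2. The four files named on the page.
$fileHits = @(foreach ($d in $dirs) {
    foreach ($n in $names) {
        $p = Join-Path $d $n
        if (Test-Path -LiteralPath $p) { $p }
    }
})

# 3. Listener on port 1080, which the worm opens (cmdlet needs Windows 8 or later).
$listeners = @(Get-NetTCPConnection -State Listen -LocalPort 1080 -ErrorAction SilentlyContinue)

foreach ($n in $runHits)   { Write-Output "Run value '$n' = $($key.GetValue($n))" }
foreach ($f in $fileHits)  { Write-Output "File: $f" }
foreach ($l in $listeners) { Write-Output "Port 1080 listener, PID $($l.OwningProcess)" }
if (-not ($runHits.Count + $fileHits.Count + $listeners.Count)) {
    Write-Output 'No listed artifacts found.'
}

if ($Remove) {
    foreach ($n in $runHits)  { Remove-ItemProperty -Path $runKey -Name $n }
    foreach ($f in $fileHits) { Remove-Item -LiteralPath $f -Force }
}
```

A listener on port 1080 alone is not conclusive, since legitimate SOCKS proxies use that port. The Run key check covers only the account running the script, so repeat it for each user profile.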
