wstat32.exe - Dangerous
Jeff's Story:
My PC had gotten a bad rootkit that my ISP antivirus software (powered by McAfee) could not detect, nor could fix.
I sought a solution on the Internet and discovered your product and tried out the trial.
You quickly found the rootkit and SAVED my PC!
I haven't had any problems since, and I'm extremely grateful.
Manual removal instructions:
Wstat32.exe is a Trojan that can allow an attacker to remotely control your computer using Internet Relay Chat (IRC).
This Trojan can also download and execute files.
Copies itself as %System%\Wstat32.exe and executes that copy.
May display a fake error message box titled "Error-384" with the text:
A valid data link was not found, deleting file
Waits for an Internet connection, and when one is opened, it connects to a remote IRC server, notifies the attacker, and then waits for commands.
This Trojan can perform the following actions:
Remove and uninstall itself
Delete files
Restart the computer
Run specified commands
Rename files
Create or delete folders
List and end processes
Perform an ICMP attack on a specified host
Manual removal:
Navigate to the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
and delete the value:
"Wstat32 driver"="%System%\Wstat32.exe"
Use RegRun Startup Optimizer to remove it from startup.
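The registry step above can be checked from PowerShell. This is an added example, not part of the original page or any vendor tool; it assumes %System% is the Windows system folder, and the WOW6432Node key and SystemX86 folder are extra locations assumed here for 32-bit code on 64-bit Windows.

```powershell
# Added example: audit the Wstat32 persistence; pass -Remove to delete the Run value.
param([switch]$Remove)

$valueName = 'Wstat32 driver'
$fileName  = 'Wstat32.exe'

# The first key is the one named on the page. The WOW6432Node key and the SystemX86
# folder are assumptions added here for 32-bit code running on 64-bit Windows.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
$folders = @(
    [Environment]::GetFolderPath('System'),
    [Environment]::GetFolderPath('SystemX86')
) | Select-Object -Unique

foreach ($key in $runKeys) {
    # Returns nothing if the key or the value does not exist.
    $entry = Get-ItemProperty -Path $key -Name $valueName -ErrorAction SilentlyContinue
    if (-not $entry) { continue }
    Write-Warning "Run value found in ${key}: $($entry.$valueName)"
    if ($Remove) {
        Remove-ItemProperty -Path $key -Name $valueName
        Write-Output "Deleted value '$valueName' from $key"
    }
}

foreach ($folder in $folders) {
    $path = Join-Path $folder $fileName
    if (Test-Path -LiteralPath $path) {
        # Record the hash before cleanup so the file can be identified later.
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        Write-Warning "File present: $path (SHA256 $hash)"
    }
}

# A running copy means the Trojan is still active; report it as well.
Get-Process -Name 'Wstat32' -ErrorAction SilentlyContinue |
    ForEach-Object { Write-Warning "Process running: PID $($_.Id) $($_.Path)" }
```

Run it from an elevated prompt; without -Remove it only reports what it finds and changes nothing.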