win32config.exe - Dangerous

win32config.exe

Manual removal instructions:

Antivirus Report of win32config.exe:
win32config.exe Malware
win32config.exeDangerous
win32config.exeHigh Risk
win32config.exe
W32.Paps.A@mm is a mass-mailing worm that sends itself as an attachment to the email addresses that it finds on your computer.
The email will have a variable subject and file attachment.
The attachment will have a .exe file extension:
- Pics.JPG.exe
- MailMessage.Msg.exe
- Filesharing_details.DOC.exe
- Trojan_removal_tool.exe
- Report.DOC.exe
- Documents.DOC.exe
- Removal_tool.exe

Creates the following files: %Windir%\Win32config.exe; %Windir%\Win32apps3.txt; %Windir%\Kernel32.dll; %Windir%\Ntbtlog.txt; iphist.dat.
This file is created in the same folder as the original worm file.

Adds the value: "Win32Config" = "%Windir%\win32config.exe"
in the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Scans the following file types on all the local drives for email addresses: .doc; .txt; .wab; .rtf; .htm; .html; .dbx; .xml; .msg; .php; .cgi; .pst; .nk2

Attempts to access the following Web sites:
http: //www.google.de
http: //www.hausaufgaben.de
http: //www.referate.de
http: //www.eselfilme.com
Attempts to access http: //www.whatismyip.com to get the IP address of the local system.

Automatic removal:
Use RegRun Startup Optimizer to remove this worm.

Remove win32config.exe now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.

Since that time I work every day to fix the issues that antiviruses cannot.

If your antivirus have not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.

Testimonials

You can read UnHackMe testimonials here.