xwinx.exe - Dangerous

xwinx.exe

Manual removal instructions:

Antivirus Report of xwinx.exe:
xwinx.exe Malware
xwinx.exeDangerous
xwinx.exeHigh Risk
xwinx.exe
We suggest you to remove xwinx.exe from your computer as soon as possible.
Xwinx.exe is Trojan/Backdoor.
Kill the process xwinx.exe and remove xwinx.exe from Windows startup.

File: xcwincx.exe
-------------------------------------------------------------------------------------
Classification:
Code:
Antivirus Version Last Update Result
Avast 4.8.1335.0 2009.08.19 Win32:Trojan-gen {Other}
AVG 8.5.0.406 2009.08.19 BackDoor.Ircbot.ITT
BitDefender 7.2 2009.08.20 Gen:Trojan.Heur.VB.bm2@eCN0gQai
Comodo 2031 2009.08.20 Backdoor.Win32.PoisonIvy.Gen
DrWeb 5.0.0.12182 2009.08.20 Trojan.MulDrop.32786
F-Secure 8.0.14470.0 2009.08.20 Backdoor.Win32.SdBot.ocz
Kaspersky 7.0.0.125 2009.08.20 Backdoor.Win32.SdBot.ocz
Microsoft 1.4903 2009.08.20 Trojan:Win32/Vtub.W
NOD32 4349 2009.08.19 -
Symantec 1.4.4.12 2009.08.20 W32.IRCBot

Additional information
File size: 26694 bytes
MD5 : a21dbddc3437ae08665e22d3f1822d4d
SHA1 : 716667b22f6566db8d98942be36cf135075a0f46
-------------------------------------------------------------------------------------
Installation
When the program is executed, it creates the following registry subkeys and values:

----------------------------------
Keys added:1
----------------------------------
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{3E501A7F-593A-167F-FD84-2DEBF322C5C1}

----------------------------------
Values added:2
----------------------------------
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{3E501A7F-593A-167F-FD84-2DEBF322C5C1}\StubPath: 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 4C 4F 43 41 4C 53 7E 31 5C 54 65 6D 70 5C 45 61 67 4C 37 53 5C 78 77 69 6E 78 2E 65 78 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nar: 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 41 44 4D 49 4E 49 7E 31 5C 4C 4F 43 41 4C 53 7E 31 5C 54 65 6D 70 5C 45 61 67 4C 37 53 5C 78 77 69 6E 78 2E 65 78 65 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

----------------------------------
Values modified:0
----------------------------------

----------------------------------
Files added:1
----------------------------------
C:\Documents and Settings\Administrator\Local Settings\Temp\EagL7S\xwinx.exe

----------------------------------
Files [attributes?] modified:0
----------------------------------

----------------------------------
Folders added:1
----------------------------------
C:\Documents and Settings\Administrator\Local Settings\Temp\EagL7S

----------------------------------
Folders deleted:0
----------------------------------

----------------------------------
Total changes:5
----------------------------------

-------------------------------------------------------------------------------------
Detected by RegRun Reanimator:

Item Name: {3E501A7F-593A-167F-FD84-2DEBF322C5C1}
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\EagL7S\xwinx.exe
Type: ActiveSetup

Item Name: nar
Author: Unknown
Related File: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\EagL7S\xwinx.exe
Type: Registry Run

Removal Results: Success
Number of reboot: 1
-------------------------------------------------------------------------------------

Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)

Remove xwinx.exe now!

Dmitry Sokolov:

I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.

Since that time I work every day to fix the issues that antiviruses cannot.

If your antivirus have not helped you solve the problem, you should try UnHackMe.

We are a small company and you can ask me directly, if you have any questions.

Testimonials

You can read UnHackMe testimonials here.