Welcome to BoredGuru.com : Wincfg32.exe is a trojan. Steps to Remove it.

yogi

The worm activates from an infected email only if a user clicks on the attached file.
Description
W32/Rbot-DT is a worm which attempts to spread to remote network shares. The worm also contains backdoor functionality, allowing unauthorised remote access to the infected computer via IRC channels while running in the background as a service process. W32/Rbot-DT spreads to network shares with weak passwords as a result of the backdoor element receiving the appropriate command from a remote user.
W32/Rbot-DT copies itself to the Windows system folder as WINCFG32.EXE and creates entries at the following locations in the registry so as to run itself on system startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ Microsoft Update Debugger = wincfg32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\ Microsoft Update Debugger = wincfg32.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ Microsoft Update Debugger = wincfg32.exe
W32/Rbot-DT may try to delete the C$, D$, E$, IPC$ and ADMIN$ network shares on the host computer.
W32/Rbot-DT may also drop a file named DEBUG.CRF into the root folder.
Recovery
First search for the Trojan "wincfg32.exe" using Windows search (Start --> Search). Make sure the "search the system and hidden files" box is checked in the ADVANCED OPTIONS. Then delete it, and make sure your Recycle Bin is also emptied.
EDIT REGISTRY
CAUTION: Boredguru strongly recommends that you back up the registry before you make any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry" for instructions.
Click Start, and then click Run. (The Run dialog box appears.)
Type regedit, then click OK. (The Registry Editor opens.)
Navigate to the key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
In the right pane, delete the value: Windows Config Loader %Windir%\Wincfg32.exe
Exit the Registry Editor.
Is it really worth your time and money (you could lose all your money in the bank if your password is compromised) to be worrying about these things?
It is always better to have software that can protect your computer and you. Spyware is more dangerous than viruses, coz of the simple reason that it steals your information. Your banking account password is worth much more to them than your computer. And that's what most of them are after.
[ Edited by yogi on 2004/12/21 2:25 ]
2004/7/15 21:37
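
The check below is an added example, not part of the original post: a read-only PowerShell script that looks for the artefacts the post lists (the three autostart keys, WINCFG32.EXE, DEBUG.CRF and the administrative shares) and deletes nothing. The function names are hypothetical, and it assumes the system drive is C: and that "root folder" means the root of that drive.

```powershell
# Added example: read-only check for the W32/Rbot-DT artefacts listed in the post.
$exeName = 'wincfg32.exe'
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)

# Hypothetical helper: list autostart values whose data points at the worm's file.
function Get-RbotRunEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }   # RunServices is often absent
        $item = Get-Item -Path $key
        foreach ($name in $item.GetValueNames()) {
            $data = [string]$item.GetValue($name)
            # Match on the data, not the value name: the post gives two different
            # names ("Microsoft Update Debugger" and "Windows Config Loader").
            if ($data -match [regex]::Escape($exeName)) {
                [pscustomobject]@{ Type = 'RunValue'; Location = $key; Detail = "$name = $data" }
            }
        }
    }
}

# Hypothetical helper: look for the copied executable and the dropped file.
function Get-RbotFile {
    $paths = @(
        (Join-Path $env:windir $exeName),
        (Join-Path ([Environment]::SystemDirectory) $exeName),
        "$env:SystemDrive\DEBUG.CRF"   # assumption: "root folder" = system drive root
    )
    foreach ($p in $paths) {
        if (Test-Path -LiteralPath $p) {
            [pscustomobject]@{ Type = 'File'; Location = $p; Detail = 'present' }
        }
    }
}

# Hypothetical helper: report default admin shares that are missing.
# A missing share is only a hint; an administrator may have disabled it.
function Get-RbotMissingShare {
    $present = (Get-CimInstance -ClassName Win32_Share).Name
    foreach ($share in 'ADMIN$', 'IPC$', 'C$') {   # assumption: system drive is C:
        if ($present -notcontains $share) {
            [pscustomobject]@{ Type = 'Share'; Location = $share; Detail = 'missing' }
        }
    }
}

$findings = @(Get-RbotRunEntry) + @(Get-RbotFile) + @(Get-RbotMissingShare)
if ($findings.Count -eq 0) { 'No listed artefacts found.' } else { $findings | Format-Table -AutoSize }
```

Matching on the value data rather than the value name catches the entry under either of the two names the post mentions.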