Solved! WINDRV.EXE (Backdoor IRCBot) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal. It is available as a fully functional 30-day trial, and no credit card is required.

WINDRV.EXE – Backdoor IRCBot removal

| File | MD5 | Virus Alias |
|---|---|---|
| WINDRV.EXE | 9a989b33eb386f41f41f109ff317dc8e | Backdoor IRCBot |
| WINDRV.EXE | 9a989b33eb386f41f41f109ff317dc8e | Trojan Generic |
| WINDRV.EXE | 9a989b33eb386f41f41f109ff317dc8e | Trojan Small |

WINDRV.EXE size: 8192 bytes
WINDRV.EXE hash: 9A989B33EB386F41F41F109FF317DC8E

Created files:

%WinDir%\dllreg.exe
%SysDir%\load32.exe
%SysDir%\vxdmgr32.exe
%WinDir%\windrv.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\load32: %WinDir%\System32\load32.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\shell: explorer.exe %WinDir%\System32\vxdmgr32.exe

Detected by UnHackMe:

WINDRV.EXE
Default location: %WinDir%\WINDRV.EXE

Dropper information:
MD5: 001e6ceb0025c1e3a4ef90c3f2a83d6e
File size: 20507 bytes
