_DEFAULT.PIF – Worm Brontok removal
File | MD5 | Virus Alias |
---|---|---|
_DEFAULT.PIF | 11137cff3bf3277be313c7eda4dea1c9 | Worm Brontok |
_DEFAULT.PIF | 11137cff3bf3277be313c7eda4dea1c9 | Trojan Generic |
_DEFAULT.PIF | 11137cff3bf3277be313c7eda4dea1c9 | Trojan Agent |
_DEFAULT.PIF size: 57802 bytes
_DEFAULT.PIF hash: 11137CFF3BF3277BE313C7EDA4DEA1C9
Created files:
%WinDir%\.exe
%WinDir%\ActiveX.exe
%WinDir%\system\csrss.exe
%WinDir%\system\lsass.exe
%WinDir%\system\smss.exe
%WinDir%\system\svchost.exe
%WinDir%\system\winlogon.exe
%SysDir%\copy.pif
%SysDir%\surif.bin
%SysDir%\_default.pif
%WinDir%\win32.exe
%WinDir%.exe
Autostart registry keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Default: %WinDir%\System32\_default.pif
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\USER: %WinDir%\System\winlogon.exe
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %WinDir%\System32\userinit.exe,%WinDir%\System32\copy.pif
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ present: %WinDir%\.exe
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load: %WinDir%\ActiveX.exe
Detected by UnHackMe:
_DEFAULT.PIF
Default location: %SYSDIR%\_DEFAULT.PIF
Dropper information:
MD5: 908b4f97e6ed2a458509bf86fd4521d6
File size: 57802 bytes