Solved! WININIT32.EXE (Backdoor IRCBot) Removal Guide

I recommend UnHackMe - Ultimate Malware Killer for fast malware removal.


WININIT32.EXE – Backdoor IRCBot removal

File           MD5                               Virus Alias
WININIT32.EXE  8077cf0af4592f4c2cc5abbbfa6fcf83  Backdoor IRCBot
WININIT32.EXE  8077cf0af4592f4c2cc5abbbfa6fcf83  Trojan (Suspicious File)
WININIT32.EXE  8077cf0af4592f4c2cc5abbbfa6fcf83  Trojan DNAScan
WININIT32.EXE  8077cf0af4592f4c2cc5abbbfa6fcf83  Virus Part
WININIT32.EXE  8077cf0af4592f4c2cc5abbbfa6fcf83  Worm Palevo
WININIT32.EXE  8077cf0af4592f4c2cc5abbbfa6fcf83  Backdoor Maximus

WININIT32.EXE size: 520920 bytes
WININIT32.EXE hash: 8077CF0AF4592F4C2CC5ABBBFA6FCF83

Created files:

%SysDir%\wininit32.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SysInit: wininit32.exe -services
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\SysInit: wininit32.exe -services
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: Explorer.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\SysInit: wininit32.exe -drivers

Detected by UnHackMe:

WININIT32.EXE
Default location: %SYSDIR%\WININIT32.EXE

Dropper information:
MD5: d71723b918454c6456e71222e240ba60
File size: 495262 bytes
