Solved! Use WINSYS32.EXE (Backdoor IRCBot) Removal Guide

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Download UnHackMe
Fully Functional 30-day Trial. No credit card is required. Reviews. EULA. Privacy Policy.

WINSYS32.EXE – Backdoor IRCBot removal

File MD5 Virus Alias
WINSYS32.EXE d474f511677d3da3c07593904b7b3bfd Backdoor IRCBot
WINSYS32.EXE d474f511677d3da3c07593904b7b3bfd Trojan Eldorado
WINSYS32.EXE d474f511677d3da3c07593904b7b3bfd Trojan Bdld

WINSYS32.EXE size: 35360 bytes
WINSYS32.EXE hash: D474F511677D3DA3C07593904B7B3BFD

Created files:

%SysDir%\winsys32.exe

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\winsys32run: winsys32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\winsys32run: winsys32.exe

Detected by UnHackMe:

WINSYS32.EXE
Default location: %SYSDIR%\WINSYS32.EXE

Dropper information:
MD5: d474f511677d3da3c07593904b7b3bfd
File size: 35360 bytes

Leave a Reply