The file WINSVC32.EXE is identified as a virus dropper.
The dropper WINSVC32.EXE is used to download and install other malware, Trojans, and viruses on commands received from its command center.
The file WINSVC32.EXE loads into the computer's memory and tries to connect to a dangerous web site.
Usually the WINSVC32.EXE dropper does not infect files on the computer and does not replicate itself to other computers.
Kill the WINSVC32.EXE process and delete the file WINSVC32.EXE.
Malware Analysis of WINSVC32.EXE
Full path on a computer: %WinDir%\winsvc32.exe
Detected by UnHackMe:
Item Name: WinService32
Author:
Current Setting: %WinDir%\winsvc32.exe
Type: Auto Services
Removal Results: Success
Number of reboots: 1
WINSVC32.EXE is known as:
Trojan.Symmi.24118, Trojan-Ransom.Gimemo
WINSVC32.EXE hash:
- MD5: 9078c2574fa6d2992ab656fe69cac7e6
How to quickly detect WINSVC32.EXE presence?
Registry:
- HKLM\System\CurrentControlSet\Services\WinService32\Type: 0x00000010
- HKLM\System\CurrentControlSet\Services\WinService32\Start: 0x00000002
- HKLM\System\CurrentControlSet\Services\WinService32\ErrorControl: 0x00000001
- HKLM\System\CurrentControlSet\Services\WinService32\ImagePath: "%WinDir%\winsvc32.exe"
- HKLM\System\CurrentControlSet\Services\WinService32\DisplayName: "WinService32"
- HKLM\System\CurrentControlSet\Services\WinService32\ObjectName: "LocalSystem"
Folders:
- %WinDir%\LastGood
- %WinDir%\LastGood\INF
Files:
- %WinDir%\LastGood\INF\oem14.inf
- %WinDir%\LastGood\INF\oem14.PNF
- %WinDir%\winsvc32.exe
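The registry, file and hash indicators listed above can be checked in one read-only pass. The script below is an added example, not part of the original page or of UnHackMe; the high/medium/low weighting and the `Add-Finding` helper are this example's own assumptions, and it assumes PowerShell 4.0 or later (for `Get-FileHash`) run from an elevated prompt.

```powershell
# Added example: check a Windows host for the indicators listed on this page.
# Read-only: nothing is stopped, deleted or modified.
$svcKey   = 'HKLM:\System\CurrentControlSet\Services\WinService32'
$exePath  = Join-Path $env:WinDir 'winsvc32.exe'
$knownMd5 = '9078c2574fa6d2992ab656fe69cac7e6'   # MD5 given on the page
$extra    = 'LastGood\INF\oem14.inf', 'LastGood\INF\oem14.PNF' |
            ForEach-Object { Join-Path $env:WinDir $_ }

$findings = New-Object System.Collections.Generic.List[object]

# Hypothetical helper: records one finding with an assumed weight.
function Add-Finding([string]$Weight, [string]$Indicator, [string]$Detail) {
    $findings.Add([pscustomobject]@{
        Weight = $Weight; Indicator = $Indicator; Detail = $Detail })
}

# 1. Auto-start service entry (Start = 2) whose ImagePath is the listed file.
if (Test-Path -LiteralPath $svcKey) {
    $svc   = Get-ItemProperty -LiteralPath $svcKey
    $image = [Environment]::ExpandEnvironmentVariables([string]$svc.ImagePath).Trim('"')
    $match = ($image -ieq $exePath) -and ($svc.Start -eq 2)
    $weight = if ($match) { 'high' } else { 'medium' }
    Add-Finding $weight 'Service WinService32' `
        "ImagePath=$image; Start=$($svc.Start); ObjectName=$($svc.ObjectName)"
}

# 2. The executable itself, compared with the listed MD5.
if (Test-Path -LiteralPath $exePath -PathType Leaf) {
    $md5 = (Get-FileHash -LiteralPath $exePath -Algorithm MD5).Hash
    if ($md5 -ieq $knownMd5) {
        Add-Finding 'high' $exePath "MD5 matches the listed sample ($md5)"
    } else {
        Add-Finding 'medium' $exePath "File present, MD5 differs from the listed sample ($md5)"
    }
}

# 3. Remaining files from the page, reported as supporting context only.
foreach ($p in $extra) {
    if (Test-Path -LiteralPath $p -PathType Leaf) {
        Add-Finding 'low' $p 'File present'
    }
}

if ($findings.Count -eq 0) { 'No listed WINSVC32.EXE indicators found.' }
else { $findings | Format-Table -AutoSize -Wrap }
```

A service entry whose `ImagePath` matches together with a matching MD5 is the strongest combination; a file at the listed path with a different hash still warrants inspection before removal.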