We checked the file WINEIGHTU.EXE and found it hazardous.
The file WINEIGHTU.EXE must be deleted from the system immediately.
Kill the process WINEIGHTU.EXE and remove WINEIGHTU.EXE from the Windows startup.
Malware Analysis of WINEIGHTU.EXE
Full path on a computer: %Program Files%\wineight\wineightu.exe
Detected by UnHackMe:
WINEIGHTU.EXE
Default location: %Program Files%\wineight\wineightu.exe
Removal Results: Success
Number of reboots: 1
WINEIGHTU.EXE is known as:
AdWare.WinAgir
WINEIGHTU.EXE hash:
- MD5: 9d43ea51d8599755b44933b74e903ded
The file tries to download information from some web sites.
How to quickly detect the presence of WINEIGHTU.EXE?
Registry:
- HKLM\Software\Classes\CLSID\{4830B65C-3F89-4775-8FDB-E472D67DBDD0}\InprocServer32\: “%Program Files%\wineight\wineightb301.dll”
- HKLM\System\CurrentControlSet\Services\WinA Diagnostics Service\Type: 0x00000010
- HKLM\System\CurrentControlSet\Services\WinA Diagnostics Service\Start: 0x00000002
- HKLM\System\CurrentControlSet\Services\WinA Diagnostics Service\ErrorControl: 0x00000001
- HKLM\System\CurrentControlSet\Services\WinA Diagnostics Service\ImagePath: “%WinDir%\System32\wineightdr.exe”
- HKLM\System\CurrentControlSet\Services\WinA Diagnostics Service\DisplayName: “WinA Diagnostics Service”
- HKLM\System\CurrentControlSet\Services\WinA Diagnostics Service\ObjectName: “LocalSystem”
- HKLM\System\CurrentControlSet\Services\Windows WinEight Update Service\Type: 0x00000010
- HKLM\System\CurrentControlSet\Services\Windows WinEight Update Service\Start: 0x00000002
- HKLM\System\CurrentControlSet\Services\Windows WinEight Update Service\ErrorControl: 0x00000001
- HKLM\System\CurrentControlSet\Services\Windows WinEight Update Service\ImagePath: “%Program Files%\wineight\wineightu.exe”
- HKLM\System\CurrentControlSet\Services\Windows WinEight Update Service\DisplayName: “Windows WinEight Update Service”
- HKLM\System\CurrentControlSet\Services\Windows WinEight Update Service\ObjectName: “LocalSystem”
- HKLM\System\CurrentControlSet\Services\Windows WinEight Update Service\Description: “Windows WinEight Update Service”
Folders:
- %Local Appdata%\WinEight
- %Temp%\~nsis
- %Temp%\~nsis\c3i023
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LUIIOHEM
- %Program Files%\wineight
Files:
- %Temp%\~nsis\c3i023\sqlite3.dll
- %Temp%\~nsis\c3i023\wineights301.dll
- C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\LUIIOHEM\desktop.ini
- %Program Files%\wineight\pkdb.dat
- %Program Files%\wineight\sqlite3.dll
- %Program Files%\wineight\ukdb.dat
- %Program Files%\wineight\uninst1.exe
- %Program Files%\wineight\wineightb301.dll
- %Program Files%\wineight\wineights301.dll
- %Program Files%\wineight\wineightu.exe
- %SysDir%\wineightdr.exe