The file WINFILTERSVC.DLL is identified as the Trojan Program that is used for stealing bank information and users passwords.
To delete WINFILTERSVC.DLL we suggest you should use UnHackMe:
http://www.unhackme.com
Malware Analysis of WINFILTERSVC.DLL
Full path on a computer: %Common Appdata%\WinFilter\WinFilterSvc.dll
Detected by UnHackMe:
WINFILTERSVC.DLL
Default location: %Common Appdata%\WinFilter\WinFilterSvc.dll
Removal Results: Success
Number of reboot: 1
WINFILTERSVC.DLL is known as:
Trojan.Generic
WINFILTERSVC.DLL hash:
- MD5: 460f9ee9c2a99b24592f5982fece33d6
The file tries to download information from some web sites.
How to quickly detect WINFILTERSVC.DLL presence?
![]( "Registry")
Registry:
![]( "Folders")
Folders:
![]( "Files")
Files:
Registry:- HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{5F189DF5-2D05-472B-9091-84D9848AE48B}{8c33f9f6}\UninstallString: “”%SysDir%\RUNDLL32.EXE” “C:\DOCUME~1\ALLUSE~1\APPLIC~1\WINFIL~1\WINFIL~1.DLL”,_uninstall /un”
- HKLM\System\CurrentControlSet\Services\8c33f9f6\Type: 0×00000010
- HKLM\System\CurrentControlSet\Services\8c33f9f6\Start: 0×00000002
- HKLM\System\CurrentControlSet\Services\8c33f9f6\ErrorControl: 0×00000000
- HKLM\System\CurrentControlSet\Services\8c33f9f6\ImagePath: “”%SysDir%\rundll32.exe” “c:\docume~1\alluse~1\applic~1\winfil~1\WinFilterSvc.dll”,service”
- HKLM\System\CurrentControlSet\Services\8c33f9f6\DisplayName: “WinFilter”
- HKLM\System\CurrentControlSet\Services\8c33f9f6\ObjectName: “LocalSystem”
- HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs: “c:\docume~1\alluse~1\applic~1\winfil~1\winfil~1.dll”
Folders:- %Common Appdata%\WinFilter
Files:- %Temp%\__tmp_2e311bb1
- %Common Appdata%\WinFilter\WinFilter.dll
- %Common Appdata%\WinFilter\WinFilterSvc.dll