We checked some samples of WINDOS32.EXE and detected the file WINDOS32.EXE as threat.
Remove the WINDOS32.EXE file from your computer right now.
Removal tool: http://www.unhackme.com
Malware Analysis of WINDOS32.EXE
Full path on a computer: %Program Files%\Internet Explorer\Windos32.exe
Detected by UnHackMe:
WINDOS32.EXE
Default location: %Program Files%\Internet Explorer\Windos32.exe
Removal Results: Success
Number of reboot: 1
WINDOS32.EXE is known as:
Trojan.SystemHijack.C6, Posible_Worm32, Backdoor.Trojan, Trojan.Yoddos.MVFXI.O8y24, Trojan.DownLoader6.4625, BehavesLike.Malware.eah (mx-v), Mal.Behav-031, Troj.Undef.(kcloud), Trojan.Yoddos.C, BScope.Trojan.Inject.2, a variant of Win32.Yoddos.AC, Trojan.SystemHijack, W32.SPNR.02JI12.tr, unknown virus Win32.DH{Awk2Jzs}
WINDOS32.EXE hash:
- MD5: 4addb07445e34cd5951dead97c9afe11
How to quickly detect WINDOS32.EXE presence?
![]( "Registry")
Registry:
![]( "Files")
Files:
Registry:- HKLM\System\CurrentControlSet\Services\Windos32\Type: 0×00000010
- HKLM\System\CurrentControlSet\Services\Windos32\Start: 0×00000002
- HKLM\System\CurrentControlSet\Services\Windos32\ErrorControl: 0×00000000
- HKLM\System\CurrentControlSet\Services\Windos32\ImagePath: “%Program Files%\Internet Explorer\Windos32.exe”
- HKLM\System\CurrentControlSet\Services\Windos32\DisplayName: “Windows Help System”
- HKLM\System\CurrentControlSet\Services\Windos32\ObjectName: “LocalSystem”
- HKLM\System\CurrentControlSet\Services\Windos32\SYSTEM\CurrentControlSet\Services\Windos32: “Windows Help System for X32 windows desktop”
Files:- %Program Files%\Internet Explorer\Windos32.exe