Quantcast
Channel: How to Remove Malware
Viewing all articles
Browse latest Browse all 38585

WINNTSERVICE.VBS is Trojan ProxyChanger

$
0
0

The file WINNTSERVICE.VBS can destroy your system, thus making the computer to work abnormally.
WINNTSERVICE.VBS is a dangerous file.
RemoveWINNTSERVICE.VBS from your computer immediately.
Kill the process WINNTSERVICE.VBS and remove WINNTSERVICE.VBS from the Windows startup.

Malware Analysis of WINNTSERVICE.VBS
Full path on a computer: %Appdata%\WinNTService.vbs

Detected by UnHackMe:

Item Name: FlashWin
Author: Unknown
Related File: %ALLUSERSPROFILE%\WINUPDATE.EXE
Type: Explorer Run

Item Name: WinUpdate.exe
Author: Unknown
Related File: %ALLUSERSPROFILE%\WINUPDATE.EXE
Type: Running Processes

Item Name: Update
Author: Unknown
Related File: %APPDATA%\WINNTSERVICE.VBS
Type: Explorer Run

Removal Results: Success
Number of reboot: 1

WINNTSERVICE.VBS is known as:

Trojan.ProxyChanger

WINNTSERVICE.VBS hash:

  • MD5: bbdb05db8fe0bee45d21f787bc52e85e
The file is used for downloading and installing other malware, Trojans, viruses by the commands received from the Command Center.
How to quickly detect WINNTSERVICE.VBS presence?
Registry:
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\FlashWin: “”%AllUsersProfile%\WinUpdate.exe”"
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Update: “Wscript.exe /B “%Appdata%\WinNTService.vbs”"
Files:
  • %Appdata%\WinNTService.vbs
  • %AllUsersProfile%\WinUpdate.exe


Viewing all articles
Browse latest Browse all 38585

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>