The file WINNTSERVICE.VBS can destroy your system, thus making the computer to work abnormally.
WINNTSERVICE.VBS is a dangerous file.
RemoveWINNTSERVICE.VBS from your computer immediately.
Kill the process WINNTSERVICE.VBS and remove WINNTSERVICE.VBS from the Windows startup.
Malware Analysis of WINNTSERVICE.VBS
Full path on a computer: %Appdata%\WinNTService.vbs
Detected by UnHackMe:
Item Name: FlashWin
Author: Unknown
Related File: %ALLUSERSPROFILE%\WINUPDATE.EXE
Type: Explorer Run
Item Name: WinUpdate.exe
Author: Unknown
Related File: %ALLUSERSPROFILE%\WINUPDATE.EXE
Type: Running Processes
Item Name: Update
Author: Unknown
Related File: %APPDATA%\WINNTSERVICE.VBS
Type: Explorer Run
Removal Results: Success
Number of reboot: 1
WINNTSERVICE.VBS is known as:
Trojan.ProxyChanger
WINNTSERVICE.VBS hash:
- MD5: bbdb05db8fe0bee45d21f787bc52e85e
The file is used for downloading and installing other malware, Trojans, viruses by the commands received from the Command Center.
How to quickly detect WINNTSERVICE.VBS presence?
Registry:
- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\FlashWin: “”%AllUsersProfile%\WinUpdate.exe”"
- HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\Update: “Wscript.exe /B “%Appdata%\WinNTService.vbs”"
Files:
- %Appdata%\WinNTService.vbs
- %AllUsersProfile%\WinUpdate.exe