We received the file WINWCL.EXE and determined that it is unwanted.
WINWCL.EXE is adware and should be removed.
Kill the WINWCL.EXE process and remove the WINWCL.EXE file from Windows.
Malware Analysis of WINWCL.EXE
Full path on a computer: %WinDir%\Winwcl.exe
Detected by UnHackMe:
Item Name: Sysmanger32
Author:
Related File: %WinDir%\Winwcl.exe
Type: Auto Services
Item Name: WINWCL.EXE
Author: Unknown
Related File: %WinDir%\WINWCL.EXE
Type: Multi AV Detected Files
Item Name: Winwcl.exe
Author: Unknown
Related File: %WinDir%\WINWCL.EXE
Type: Running Processes
Removal Results: Success
Number of reboot: 1
WINWCL.EXE is known as:
Adware.InstallCore.DA.19, Trojan.Xema, a variant of Win32.Spy.Delf.PKE, BehavesLikeTrojan.ShellObject
WINWCL.EXE hash:
- MD5: 27e8a029540608d57a5e0c847c519a5c
The file tries to download information from some web sites.
How to quickly detect the presence of WINWCL.EXE?
Registry:
- HKLM\System\CurrentControlSet\Services\Sysmanger32\Type: 0x00000110
- HKLM\System\CurrentControlSet\Services\Sysmanger32\Start: 0x00000002
- HKLM\System\CurrentControlSet\Services\Sysmanger32\ErrorControl: 0x00000000
- HKLM\System\CurrentControlSet\Services\Sysmanger32\ImagePath: "%WinDir%\Winwcl.exe"
- HKLM\System\CurrentControlSet\Services\Sysmanger32\DisplayName: "Sysmanger32"
- HKLM\System\CurrentControlSet\Services\Sysmanger32\ObjectName: "LocalSystem"
Files:
- %Common Appdata%\systemskey.ini
- C:\Documents and Settings\LocalService\Application Data\ffifswffsf4f.ini
- %WinDir%\Winwcl.exe