We checked the file WINH01.EXE and found it hazardous.
The file WINH01.EXE must be deleted from the system immediately.
Kill the process WINH01.EXE and remove WINH01.EXE from the Windows startup.
Malware Analysis of WINH01.EXE
Full path on a computer: %SysDir%\WinH01.exe
Detected by UnHackMe:
Item Name: Natio01
Author:
Related File: %SysDir%\WinH01.exe
Type: Auto Services
Removal Results: Success
Number of reboots: 1
WINH01.EXE is known as:
Trojan.MultiGen, Crypt.BFWJ, Trojan.Agent.aaknh, Mal.PWS-DZ, Trojan.SystemHijack, Trojan.Agent, a variant of Win32.Kryptik.BFZG, Trojan-PWS.OnlineGames, PSW.OnlineGames_r.EY
WINH01.EXE hash:
- MD5: d8efd3898aaacf102ae2e9a793b69006
How to quickly detect WINH01.EXE presence?
Registry:
- HKLM\System\CurrentControlSet\Services\Natio01\Security\Security: 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 00 02 80 14 00 FF 01 0F 00 01 01 00 00 00 00 00 01 00 00 00 00 02 00 60 00 04 00 00 00 00 00 14 00 FD 01 02 00 01 01 00 00 00 00 00 05 12 00 00 00 00 00 18 00 FF 01 0F 00 01 02 00 00 00 00 00 05 20 00 00 00 20 02 00 00 00 00 14 00 8D 01 02 00 01 01 00 00 00 00 00 05 0B 00 00 00 00 00 18 00 FD 01 02 00 01 02 00 00 00 00 00 05 20 00 00 00 23 02 00 00 01 01 00 00 00 00 00 05 12 00 00 00 01 01 00 00 00 00 00 05 12 00 00 00
- HKLM\System\CurrentControlSet\Services\Natio01\Type: 0x00000010
- HKLM\System\CurrentControlSet\Services\Natio01\Start: 0x00000002
- HKLM\System\CurrentControlSet\Services\Natio01\ErrorControl: 0x00000000
- HKLM\System\CurrentControlSet\Services\Natio01\ImagePath: “%SysDir%\WinH01.exe”
- HKLM\System\CurrentControlSet\Services\Natio01\DisplayName: “Domain Ser01”
- HKLM\System\CurrentControlSet\Services\Natio01\ObjectName: “LocalSystem”
- HKLM\System\CurrentControlSet\Services\Natio01\Description: “Provides a domain server01”
Files:
- %SysDir%\WinH01.exe