We checked some samples of WEBNDIS.SYS and detected the file as a threat.
Remove the WEBNDIS.SYS file from your computer right now.
Removal tool: http://www.unhackme.com
Malware Analysis of WEBNDIS.SYS
Full path on a computer: %SysDir%\drivers\WebNdis.sys
Detected by UnHackMe:
Item Name: WEBNDIS.SYS
Author: Unknown
Related File: %SYSDIR%\DRIVERS\WEBNDIS.SYS
Type: Multi AV Detected Files
After first reboot detected by UnHackMe:
Item Name: WebNdis
Author:
Related File: \??\%SysDir%\drivers\WebNdis.sys
Type: Services detected by Partizan
Removal Results: Success
Number of reboots: 2
WEBNDIS.SYS is known as:
Trojan.Zzinfor.C, W32.Agentb.ABRD.tr
WEBNDIS.SYS hash:
- MD5: c3e3c66bfdb18f8bf7f5d3798a0f1ee6
The file tries to download information from some web sites.
How to quickly detect the presence of WEBNDIS.SYS?
Registry:
- HKLM\System\CurrentControlSet\Services\WebNdis\Type: 0x00000001
- HKLM\System\CurrentControlSet\Services\WebNdis\Start: 0x00000003
- HKLM\System\CurrentControlSet\Services\WebNdis\ErrorControl: 0x00000001
- HKLM\System\CurrentControlSet\Services\WebNdis\ImagePath: "\??\%SysDir%\drivers\WebNdis.sys"
- HKLM\System\CurrentControlSet\Services\WebNdis\DisplayName: "WebNdis"
Files:
- %SysDir%\drivers\WebNdis.sys