We checked some samples of WINTOOLSE.EXE and detected the file as a threat.
Remove the WINTOOLSE.EXE file from your computer right now.
Removal tool: http://www.unhackme.com
Malware Analysis of WINTOOLSE.EXE
Full path on a computer: %WinDir%\wintoolse.exe
Detected by UnHackMe:
Item Name: Sysmqsgwers32
Author:
Related File: %WinDir%\wintoolse.exe
Type: Auto Services
Item Name: WINTOOLSE.EXE
Author: Unknown
Related File: %WinDir%\WINTOOLSE.EXE
Type: Multi AV Detected Files
Item Name: wintoolse.exe
Author: Unknown
Related File: %WinDir%\WINTOOLSE.EXE
Type: Running Processes
Removal Results: Success
Number of reboots: 1
WINTOOLSE.EXE is known as:
Trojan.Dishigy, Spyware.Password, Trojan.Dirtjump, a variant of Win32.Spy.Delf.PKE, Trojan.Dishigy.I, W32.Trojan.WVSG-8455, BehavesLikeTrojan.ShellObject, W32.Delf.PKE.tr.spy
WINTOOLSE.EXE hash:
- MD5: c14bb7d6e0bee0e289af6769f75cd1dc
How to quickly detect WINTOOLSE.EXE presence?
Registry:
- HKLM\System\CurrentControlSet\Services\Sysmqsgwers32\ImagePath: "%WinDir%\wintoolse.exe"
- HKLM\System\CurrentControlSet\Services\Sysmqsgwers32\DisplayName: "Sysmqsgwers32"
- HKLM\System\CurrentControlSet\Services\Sysmqsgwers32\ObjectName: "LocalSystem"
Files:
- %Common Appdata%\systemskey.ini
- C:\Documents and Settings\LocalService\Application Data\ffifsssfdfsf4f.ini
- %WinDir%\wintoolse.exe