Winitr32.exe

[Mohandas]

Dear All,

I have this file - winitr32.exe suddenly came up in the process list.
It takes almost all the CPU space. Sometimes just one file, other
times 3 or 4 copies together that share the CPU.

During boot up, the desktop freezes with the mouse pointer in busy
mode. I have to do Ctrl+alt+del to call the task manager and then end
process the winitr32.exe, to start the computer.

I deleted the file from winnt/system32 in safe mode and did a registry
check. Deleted wherever winitr32.exe appeared. But after sometime, the
file appeared again in process list eating CPU.

Any help?

Thanks,
Mohandas-Bangalore

 

[Sunil Pinto]

..
Here is the explanation

winitr32.exe

W32/Forbot-C is a worm which attempts to spread to remote network shares.
The worm also contains backdoor Trojan functionality, allowing unauthorised
remote access to the infected computer via IRC channels.
It moves itself to the Windows system folder as winitr32.exe and creates the
following registry entries to run itself on system logon:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Win32 Wmls Driver =
winitr32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\Win32 Wmls Driver =
winitr32.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices\Win32 Wmls Driver
= winitr32.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Win32 Wmls Driver =
winitr32.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\Win32 Wmls Driver =
winitr32.exe

Attempts to spread to network machines using various exploits including the
LSASS vulnerability.
Also, attempts to terminate several processes related to anti-virus and
security related software.

Remove it from startup with RegRun Startup Optimizer

Keep you sytem updated with Windows patches and Antivirus software

 

[Mohandas]

Thank you very much for the information.

But what do you mean by "startup with Regrun Startup Optimizer"?
Sorry I am newbie.

A.Mohandas