Trojan . Trojan.Winshost (Summary)
Software Name: Trojan.Winshost
Company Name:
Product Name: Trojan.Winshost
Classification: Trojan
Website:
Brief:
Silently connects to remote locations where it downloads files and other executeables. May attempt to disable or delete certain security applications. Blocks connection to major security software sites.
IMPORTANT!
Some of the Trojan.Trojan.Winshost components
are listed below. The list is compiled as a reference. The list might
not be complete and it doesn't represent instructions for manual removal.
We DO NOT recommend manual removal. Incorrect removal
of certain software might make your computer unstable or even unusable.
Removal of adware component might affect the related ad-supported software.
If you suspect that you have an unwanted instance of Trojan.Winshost
installed on your computer we recommend a free
audit of your system with INAC Anti Spyware.
Trojan.Winshost might create following folders (and inject its files inside
the folders):
n/a
Trojan.Winshost might create following files (some of the files might be
loaded in memory while the software is running):
- %WINDOWS%3234.exe
- %SYSTEM%\windll.exe
- %SYSTEM%\winshost.exe
- %SYSTEM%\wiwshost.exe
Trojan.Winshost is often accompanied by the following tracking cookies:
n/a
Trojan.Winshost might create following registry keys (and inject subkeys
and values):
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ru1n
- HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\Ru1n
Trojan.Winshost might create following registry values:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|winshost.exe
- HKEY_USERS\*\Software\Microsoft\Windows\CurrentVersion\Run|winshost.exe
Trojan.Winshost might create registry values with following data:
n/a
Trojan.Winshost might insert following entries in the HOSTS file:
- 127.0.0.1 updates1.kaspersky-labs.com
- 127.0.0.1 avp.ch
- 127.0.0.1 avp.ru
- 127.0.0.1 awaps.net
- 127.0.0.1 download.microsoft.com
- 127.0.0.1 downloads.microsoft.com
- 127.0.0.1 engine.awaps.net
- 127.0.0.1 ftp.f-secure.com
- 127.0.0.1 ftp.sophos.com
- 127.0.0.1 go.microsoft.com
- 127.0.0.1 msdn.microsoft.com
- 127.0.0.1 office.microsoft.com
- 127.0.0.1 phx.corporate-ir.net
- 127.0.0.1 service1.symantec.com
- 127.0.0.1 support.microsoft.com
- 127.0.0.1 vil.nai.com
- 127.0.0.1 viruslist.ru
- 127.0.0.1 windowsupdate.microsoft.com
- 127.0.0.1 www.avp.ch
- 127.0.0.1 www.awaps.net
- 127.0.0.1 www.kaspersky.ru
- 127.0.0.1 www.viruslist.ru
- 127.0.0.1 ftp.kasperskylab.ru
- 127.0.0.1 ftp.avp.ch
- 127.0.0.1 updates3.kaspersky-labs.com
- 127.0.0.1 updates4.kaspersky-labs.com
- 127.0.0.1 updates2.kaspersky-labs.com
- 127.0.0.1 updates5.kaspersky-labs.com
- 127.0.0.1 www.kaspersky-labs.com
- 127.0.0.1 www3.ca.com
- 127.0.0.1 ids.kaspersky-labs.com
- 127.0.0.1 www.grisoft.com
- 127.0.0.1 downloads-us2.kaspersky-labs.com
- 127.0.0.1 downloads-us3.kaspersky-labs.com
- 127.0.0.1 ftp.downloads2.kaspersky-labs.com
Click
here to scan your computer for Trojan.Winshost free of charge
|
