winset32.exe

This file is don´t detect by NOD32

In this site: http://virusscan.jotti.dhs.org/ tell me that file is a:

Service load:
0% 100%
File: winset32.exe
Status:
INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
Packers detected:
UPX

AntiVir BDS/Picharad (1.22 seconds taken)
Avast No viruses found (4.58 seconds taken)
BitDefender Backdoor.Flux.E (2.59 seconds taken)
ClamAV No viruses found (2.76 seconds taken)
Dr.Web BackDoor.Flux.101 (4.52 seconds taken)
F-Prot Antivirus W32/Flux.C@bd (0.37 seconds taken)
Kaspersky Anti-Virus Backdoor.Win32.Flux.e (4.22 seconds taken)
mks_vir Trojan.Downloader.Myway (1.34 seconds taken)
NOD32 No viruses found (2.71 seconds taken)
Norman Virus Control W32/Flux.E (1.05 seconds taken)

Please a i need to remove this file. And i need that NOD32 detect this malware. Please update the definitions list

Thanks alot

 

Can you send a zipped copy of the file to samples@nod32.com

Can you also try the steps found here

Let us know how you go...

Cheers

 

Thanks i send the email with the attach in zip.

I do, i have a lavasoft SE 1.05 and alot remove spyware and cleaners but the file don´t be detect ...

Thanks alot.

 

Did you try Step 4 in the link that I posted?

Cheers

 

Hi, here are manual removal instructions:

1. Open Windows task manager [ right click on task bar>task manager ]
Kill the process IEXPLORE.EXE

2. Turn off system restore [ right click My Computer>Properties>System Restore>Turn off ]

3.Go to Registry Editor [ Start>Run>Type Regedit>press ENTER ]

4. In the left panel, double-click the following:
HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>
Windows>CurrentVersion>Run

In the right panel, locate and delete the entry:
sys32 = "%System%\SYS32.EXE"

In the left panel, double-click the following: HKEY_CURRENT_USERS>Software>Microsoft>Windows>
CurrentVersion>Run

In the right panel, locate and delete the entry:
sys32 = "%System%\SYS32.EXE"

In the left panel, double-click the following: HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Active Setup>
Installed Components>{73AA3483-8D3C-7B5E-6C6A-8E418B5B774B}

In the right panel, locate and delete the entry:
StubPath = "%System%\SYS32.EXE 2"

(Note: %System% is the Windows system folder, which is usually C:\Windows\System on Windows 95, 98, and ME, C:\WINNT\System32 on Windows NT and 2000, or C:\Windows\System32 on Windows XP.)

# Close Registry Editor.

5. Reboot PC and turn on system restore.


Take care while in the Windows Registry, only delete those specified.

 

Hi bartmdq,

To give reference to Sweetie(*)(*) 's manual removal instructions:
Trend Micro: BKDR_FLUX.E

Though there is no mention on that page of a winset32.exe file, so this may be a new variant using winset32.exe. It's good then that you have sent the file off to Eset for analysis.

I would also suggest that you do an on-line scan too.

Regards,

snap

 

look i have that too.... it sux.. i think it does a xmas_scan and connects to a remote host..... Symantec Antivirus Corporate 8.0 detected it.... wellll alll 5000 its... if there is one on ur computer dude... ur screwwed it replicates... so remove it from the registry