winsystem.exe
Last Updated on Saturday, 05 March 2011 12:09 Thursday, 19 November 2009 15:34
I have changed the format of my articles to make it easier to comprehend the vital information. The virus manufacturers are churning out newer versions of their infamous installers, so in order to accommodate the latest, I will simply provide you with the bare minimum. You can read any of my previous articles to get an idea of how to remove these things step by step.
I have no idea if there is any legitimate application using the file name WinSystem.exe; however, looking at the name, it looks highly unlikely that no legitimate application could be using this name, hence take precautions before deleting it.
Analysis dated: 19 Nov 2009. File size: 3.2 MB. Here is the full Threat Expert Report.
It is a Trojan that can steal user names and passwords, send out email messages with its built-in SMTP client engine, and download more files. These are the two sites that it communicates with:
38.97.225.209, the-js.net
These are the files that it creates on the infected computer. Delete them.
C:\winsystem.exe
C:\Windows\log0.sph
C:\Windows\System32\drivers\GBPKM2.SYS
C:\Windows\System32\reg_0001.txt
The process winsystem.exe can be seen in Task Manager, where you can end it. If this file is not in the said location, you can nevertheless delete it, wherever it is found. You can use the Windows search utility to search for the files listed above and delete them.
For additional cleaning, you can easily get rid of temp files and obsolete registry entries by running a freeware tool such as CCleaner, and you can set CCleaner to run automatically each time the computer starts.
More about CCleaner on this link.
I have noticed a new virus/worm that uses this file name. See report:
C:\AutoRun.inf
C:\DeskTop.ini
C:\WinSystem.exe
C:\Windows\WinSystem.exe
(reprinted with permission from ThreatExpert.com)
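Since the file name may also belong to a legitimate application, it helps to look at each file before deleting it. The following read-only triage script is an added example, not part of the original article or the Threat Expert report: it checks the paths from both lists above and any running winsystem.exe process, and deletes nothing. It assumes PowerShell 4.0 or later and an elevated prompt.

```powershell
# Added example: read-only triage for the file paths listed in this article.
# Nothing is deleted; review the output before removing anything.

$indicators = @(
    'C:\winsystem.exe',
    'C:\Windows\log0.sph',
    'C:\Windows\System32\drivers\GBPKM2.SYS',
    'C:\Windows\System32\reg_0001.txt',
    'C:\AutoRun.inf',
    'C:\DeskTop.ini',
    'C:\Windows\WinSystem.exe'
)

$found = foreach ($path in $indicators) {
    # -Force is needed because such files are often marked hidden or system.
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($null -eq $item) { continue }

    # Hash and signature status let you compare the file against a scanner
    # or vendor report before deciding it is safe to delete.
    $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
    $sig  = (Get-AuthenticodeSignature -LiteralPath $path -ErrorAction SilentlyContinue).Status

    [pscustomobject]@{
        Path       = $item.FullName
        SizeBytes  = $item.Length
        Created    = $item.CreationTime
        Attributes = $item.Attributes
        Signature  = $sig
        SHA256     = $hash
    }
}

# Running processes with this image name, including where they were started from.
$procs = Get-CimInstance Win32_Process -Filter "Name = 'winsystem.exe'" |
    Select-Object ProcessId, ParentProcessId, ExecutablePath, CommandLine

if ($found) { $found | Format-List } else { 'None of the listed files are present.' }
if ($procs) { $procs | Format-List } else { 'No winsystem.exe process is running.' }
```

A file that carries a valid signature, or a process whose ExecutablePath is outside the listed locations, deserves a closer look before it is removed.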
