|
Malware -
Harmful EXE
|
www.exe is a filename that has appeared recently in several infections of a Trojan Horse/Backdoor Virus, which has following characteristics. 1) creates a windows service with the name "Computer browsers" 2) Opens TCP ports 3) Connects to a remote host "zxtz.3322.org" 4) creates an entry in the startup 5) installs a keylogger that can steal your important information.
| Aliases: There are a number of aliases, You can find a list of them on this link
| Delete these Files: The place where www.exe could be found is %Windir%\www.exe %Windir% refers to Windows installation folder. By default C:\Windows or C:\Winnt | | View Hidden Files: Before you could delete www.exe, and its associated files you need to search for them, and before doing that you need to enable to view hidden files and folders Click here to read more... | | Boot in safe mode: Sometimes you will not be able to delete a file even if you find it, in that case you should boot in safe mode and then try to delete it/ them. Click here to read more... | | End Process in the Task Manager: If you find www.exe running in the Task Manager, you can select it and press End process button, that will help you to delete it from the hard disk later. Click here to read more... | Remove entry from Windows Startup: Look in the windows startup, by opening the system configuration utility and remove the entry of olhrwef.exe if found. Click here to read more...
| Remove entry from Services: This malware creates an entry in the services with the name "Computer Browsers" or "Browsers". You can see that in the services tab in the system configuration utility. Uncheck it from there. Click here to read more...
| | Unable to open Task Manager: If that happens, you can try these free tools to enable the task manager again. Click here to read more... | | Run CCleaner : If you manage to find www.exe and delete it, even then there will be associated entries in the windows registry. If you run a free software called CCleaner, that will help you to automatically clean the registry from the virus entries. Click here to read more... | Delete the registry keys manually: If you are brave enough to do so. You can edit the registry by using the windows built in registry editor. Click here to read more... You can find the registry entries created by www.exe on this link Best of Luck reference with permission from Threatexpert |
|
