I’ve read in different places that this process/file seems to be some sort of malicious software. I have scanned with my ISP’s AntiVirus (which is powered by Kaspersky), Spybot and Dr.Web Live CD. None of them seem to detect it as anything.
I only noticed it because my firewall was telling me it was trying to access the Internet.
The Win.exe file is located in C:\Users\Stephen\AppData\Local\Temp\
In addition to this, I also found temporary print screen images from when I last browsed the Internet in the same temp folder, from before I started blocking the win.exe’s access to the Internet. (I did not use the Print Screen key, by the way; they just appeared there.)
I tried scanning the file on VirusTotal and the results were as follows:
Antivirus Version Last Update Result
AhnLab-V3 2010.07.21.00 2010.07.20 -
AntiVir 8.2.4.22 2010.07.20 -
Antiy-AVL 2.0.3.7 2010.07.15 -
Authentium 5.2.0.5 2010.07.21 -
Avast 4.8.1351.0 2010.07.20 -
Avast5 5.0.332.0 2010.07.20 -
AVG 9.0.0.851 2010.07.20 Dropper.Small.EJU
BitDefender 7.2 2010.07.21 -
CAT-QuickHeal 11.00 2010.07.20 -
ClamAV 0.96.0.3-git 2010.07.21 -
Comodo 5492 2010.07.21 -
DrWeb 5.0.2.03300 2010.07.21 -
Emsisoft 5.0.0.34 2010.07.20 -
eSafe 7.0.17.0 2010.07.20 -
eTrust-Vet 36.1.7725 2010.07.21 -
F-Prot 4.6.1.107 2010.07.21 -
F-Secure 9.0.15370.0 2010.07.21 -
Fortinet 4.1.143.0 2010.07.20 -
GData 21 2010.07.21 -
Ikarus T3.1.1.84.0 2010.07.20 -
Jiangmin 13.0.900 2010.07.20 -
Kaspersky 7.0.0.125 2010.07.21 -
McAfee 5.400.0.1158 2010.07.21 -
McAfee-GW-Edition 2010.1 2010.07.21 -
Microsoft 1.6004 2010.07.20 -
NOD32 5296 2010.07.20 probably a variant of Win32/Injector.BAI
Norman 6.05.11 2010.07.20 -
nProtect 2010-07-20.02 2010.07.20 -
Panda 10.0.2.7 2010.07.20 -
PCTools 7.0.3.5 2010.07.21 -
Prevx 3.0 2010.07.21 -
Rising 22.57.01.04 2010.07.20 -
Sophos 4.55.0 2010.07.21 -
Sunbelt 6610 2010.07.21 -
SUPERAntiSpyware 4.40.0.1006 2010.07.21 -
Symantec 20101.1.1.7 2010.07.21 -
TheHacker 6.5.2.1.322 2010.07.20 -
TrendMicro 9.120.0.1004 2010.07.20 -
TrendMicro-HouseCall 9.120.0.1004 2010.07.21 -
VBA32 3.12.12.6 2010.07.20 -
ViRobot 2010.6.21.3896 2010.07.20 -
VirusBuster 5.0.27.0 2010.07.20 -
How can I safely remove this thing? Whatever it is… and how can I make sure there is nothing else like it that my scanners aren’t detecting?


Your current protection should have trouble getting rid of it. Update all your protection programs and run full scans again. If it gets detected, you win.
If not, you’ll probably need to get rid of it manually.
Try this website:
http://www.file.net/process/win.exe.html
I know it may not cover 100% of this issue, as viruses develop the same way as antivirus programs, but you’ll be safe.
The fact that it sits in the Temp folder points to the possibility that it was downloaded while you were browsing the Internet, downloading some stuff… who knows.
Try scanning with Malwarebytes and Hitman Pro for a different opinion. Malwarebytes is free; Hitman Pro has a 15-day trial version.
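
An added example, not part of the original thread: since the file sat in the user's Temp folder and most scanners missed it, this PowerShell sketch inventories every executable-type file under Temp with its timestamps, SHA-256 hash and Authenticode signature status, so unsigned or recently created files can be reviewed by hand. It assumes PowerShell 4 or later (for `Get-FileHash`); the extension list and the output file name `temp-executables.csv` are choices made for this example.

```powershell
# Added example (not from the thread): inventory executable-type files in the
# current user's Temp folder. The extension list is an assumption; adjust as needed.
$extensions = '.exe', '.dll', '.scr', '.com', '.bat', '.cmd', '.vbs', '.js'
$tempRoot   = $env:TEMP

$report = Get-ChildItem -LiteralPath $tempRoot -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $extensions -contains $_.Extension.ToLowerInvariant() } |
    ForEach-Object {
        # Hash and signature lookups can fail on locked files; keep the row anyway.
        $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
        $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Created   = $_.CreationTime
            Modified  = $_.LastWriteTime
            SizeBytes = $_.Length
            Signature = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
            Signer    = $sig.SignerCertificate.Subject   # empty when the file is unsigned
            SHA256    = $hash.Hash
            Path      = $_.FullName
        }
    }

# Files without a valid signature first, newest first within each group.
$sorted = $report | Sort-Object `
    @{ Expression = { $_.Signature -eq 'Valid' } },
    @{ Expression = 'Created'; Descending = $true }

$sorted | Format-Table Created, Signature, SizeBytes, SHA256, Path -AutoSize -Wrap

# Keep a copy outside Temp so the list survives a cleanup of that folder.
$outFile = Join-Path $env:USERPROFILE 'temp-executables.csv'   # hypothetical file name
$sorted | Export-Csv -Path $outFile -NoTypeInformation
```

The SHA-256 values can be searched on a multi-scanner service without uploading the file, and the creation times can be compared with the firewall alerts to see which files appeared around the same time.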