
WinHook32.exe


What is it?
WinHook32.exe is a file associated with the W32.Mydoom.AC@mm worm.

What does it do?
W32.Mydoom.AC@mm is a mass-mailing worm that launches a Denial of Service (DoS) attack against a remote server. It can also spread through file-sharing networks.
  1. Copies itself as WinHook32.exe in the system folder.
  2. Adds the value:

    "SystemWideHook for Windows NT" = "%WinHook32.exe"

    to the registry key:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
  3. Adds the value:

    "Run" = "WinHook32.exe"

    to the registry key:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
  4. Creates a mutex named "focDSJSODidvjfdsivraSDOSDoisdi", so that only one copy of the worm runs at once on the compromised system.
  5. Searches for the Kazaa, Morpheus, and iMesh shared folders by querying the registry. It also searches for the following folders:
    • C:\Program Files\eDonkey2000\Incoming
    • C:\Program Files\LimeWire\Shared
  6. Copies itself to the file share folders found, using the following file names:
    • MSNCracker2005.exe
    • GameCrack2005.exe
    • Windows_Activation.exe
    • XP_Crack.exe
    • Office2005.exe
    • Install.exe
    • Setup.exe
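
The registry values and file names listed above can be checked mechanically. The following is an added example, not part of the original entry or of Symantec's write-up: it matches `reg query`-style text and a file listing against those indicators. The sample input is constructed, and the mutex is not checked because that requires inspecting a live system.

```python
import ntpath
import re
# Indicators from the description above (keys and value names lower-cased).
CV = r"\software\microsoft\windows\currentversion"
REG_VALUES = {("hkey_current_user" + CV + r"\runservices", "systemwidehook for windows nt"),
              ("hkey_local_machine" + CV + r"\policies\explorer", "run")}
WORM_FILE = "winhook32.exe"
SHARE_DIRS = (r"c:\program files\edonkey2000\incoming", r"c:\program files\limewire\shared")
SHARE_NAMES = {"msncracker2005.exe", "gamecrack2005.exe", "windows_activation.exe",
               "xp_crack.exe", "office2005.exe", "install.exe", "setup.exe"}
VALUE_LINE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")

# Constructed sample input (not from the page): `reg query` text and a file listing.
SAMPLE_REG = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
    SystemWideHook for Windows NT    REG_SZ    C:\WINDOWS\system32\WinHook32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    Run    REG_SZ    WinHook32.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Updater    REG_SZ    C:\Tools\updater.exe
"""
SAMPLE_FILES = [r"C:\WINDOWS\system32\WinHook32.exe", r"C:\Downloads\Setup.exe",
                r"C:\Program Files\LimeWire\Shared\XP_Crack.exe"]

def parse_reg_query(text):
    """Yield (key, value_name, data) from `reg query`-style text output."""
    key = None
    for line in text.splitlines():
        if line and not line[0].isspace():
            key = line.strip()  # an unindented line is a key path
        elif key and (m := VALUE_LINE.match(line)):
            yield key, m.group(1), m.group(3)

def scan(reg_text, file_paths, share_dirs=SHARE_DIRS):
    """Return (kind, detail) findings for the worm's registry values and files."""
    findings = []
    for key, name, data in parse_reg_query(reg_text):
        if (key.lower(), name.lower()) in REG_VALUES and WORM_FILE in data.lower():
            findings.append(("registry", key + "\\" + name))
    for path in file_paths:
        folder, base = ntpath.split(ntpath.normpath(path).lower())
        if base == WORM_FILE:
            findings.append(("dropped-file", path))
        # Setup.exe and Install.exe are common names: count them only in share folders.
        elif base in SHARE_NAMES and folder in share_dirs:
            findings.append(("share-copy", path))
    return findings

if __name__ == "__main__": print(*scan(SAMPLE_REG, SAMPLE_FILES), sep="\n")
```

Folders for Kazaa, Morpheus and iMesh are located through the registry, so pass their paths (lower-cased) in `share_dirs` when they are known.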
Removal

@symantec





WinHook32.exe is Spyware!
