Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer


HijackThis automated log analyzer! Submit a log and you will receive ALL the information we have in our DB's on everything on your system INSTANTLY!


Click here to Run a Free Scan for WinHook32.exe Related Errors

What is it?
WinHook32.exe is a file associated with the worm

What does it do?
W32.Mydoom.AC@mm is a mass-mailing worm that launches a Denial of Service (DoS) attack against a remote server. It can also spread through file-sharing networks.
Copies itself as WinHook32.exe in the system folder
  1. Adds the value:

    "SystemWideHook for Windows NT" = "%WinHook32.exe"

    to the registry key:

  2. Adds the value:

    "Run" = "WinHook32.exe"

    to the registry key:

  3. Creates a mutex named "focDSJSODidvjfdsivraSDOSDoisdi", so that only one copy of the worm runs at once on the compromised system.
Searches for the Kazaa, Morpheus, and iMesh-shared folders by querying the registry. It also searches for the following folders:
    • C:Program FileseDonkey2000Incoming
    • C:Program FilesLimeWireShared
  1. Copies itself to the file share folders found, using the following file names:
    • MSNCracker2005.exe
    • GameCrack2005.exe
    • Windows_Activation.exe
    • XP_Crack.exe
    • Office2005.exe
    • Install.exe
    • Setup.exe


Fix WinHook32.exe Errors: Free Scan

Recommended: Run a Free Performance Scan to automatically optimize memory, CPU and Internet Settings

WinHook32.exe is Spyware!

Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
Startup DB Entries: