Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer


HijackThis automated log analyzer! Submit a log and you will receive ALL the information we have in our DB's on everything on your system INSTANTLY!


Click here to Run a Free Scan for funny.exe Related Errors

What is it?
funny.exe is a file associated with the w32.funner worm.

What does is do?
W32.Funner is a worm that spreads using Microsoft's Windows Messenger instant message program and modifies the hosts file.

When W32.Funner is executed, it performs the following actions:
  1. Copies itself as:
    • %System%IEXPLORE.EXE
    • %System%EXPLORE.EXE
    • %Windir% undll32.exe
    • %System%userinit32.exe
    • c:funny.exe

      and executes the first three files listed.

    • The three files make sure that the other two are running and will restart them if any are stopped.
    • These files require the MSVBVM60.DLL file, which is a component of the Microsoft Visual Basic run-time environment.
    • %System% is a variable that refers to the System folder. By default this is C:WindowsSystem (Windows 95/98/Me), C:WinntSystem32 (Windows NT/2000), or C:WindowsSystem32 (Windows XP).
    • %Windir% is a variable that refers to the Windows installation folder. By default, this is C:Windows or C:Winnt.
  2. Creates a log file named %System%sfirst2.log.
  3. Adds the value:


    to the registry key:

    HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon

    so that the userinit32.exe runs when you start Windows.
More info and Removal

Fix funny.exe Errors: Free Scan

Recommended: Run a Free Performance Scan to automatically optimize memory, CPU and Internet Settings

funny.exe is Spyware!

Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (2)
Startup DB Entries: