Support Forum Articles File Help Startup DB Tips Service DB Hijack This! Analyzer

 

HijackThis automated log analyzer! Submit a log and you will receive ALL the information we have in our DB's on everything on your system INSTANTLY!

windrv32.exe


Click here to Run a Free Scan for windrv32.exe Related Errors

windrv32.exe
What is it?
windrv32.exe is a file associated with the W32.Mydoom.T@mm mass mailing worm

What does it do?
W32.Mydoom.T@mm is a mass-mailing worm that downloads a copy of Backdoor.Nemog.B.
Once W32.Mydoom.T@mm is executed, it performs the following actions:
  1. Creates the following copies of itself:
    • %System%windrv32.exe
    • %Userprofile%Start MenuProgramsStartupautostart.exe

      Notes:
    • %System% is a variable that refers to the System folder. By default, this is C:WindowsSystem (Windows 95/98/Me), C:WinntSystem32 (Windows NT/2000), or C:WindowsSystem32 (Windows XP).
    • %Userprofile% is a variable that refers to the current user's profile folder. By default, this is C:Documents and Settings<Current User> (Windows NT/2000/XP).
  2. Downloads, saves, and executes a temporary file from one of the following domains:
  3. Adds the value:


    "WinSPF" = "%System%windrv32.exe"

    to the following registry keys:

    HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun
    HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun

    so that it is executed every time Windows starts.
More info and Removal
@symantec

Fix windrv32.exe Errors: Free Scan

Recommended: Free PC Speed Test - what is slowing down your PC?


windrv32.exe is Spyware!

Can't connect to local MySQL server through socket '/var/lib/mysql/mysql.sock' (111)
Startup DB Entries: