NEWS
PARASITES
SOFTWARE
FORUM
DIRECTORY

 
 
 
 
 
 
  

Remove WinWhatWhere. Description and removal instructions

 
Title: WinWhatWhere
Type: Keyloggers
Severity scale:WinWhatWhere severity is 68  (68 / 100)
 
WinWhatWhere is a commercial computer surveillance product that tracks user activity, monitors system events, logs all keystrokes, takes screenshots, captures online chat conversations and e-mail messages, records passwords and web sites visited. It regularly sends gathered data to a configurable e-mail address. WinWhatWhere must be manually installed. It may automatically run on Windows startup.

FORUM:
Discuss WinWhatWhere in
spyware removal forum

WinWhatWhere properties:
• Takes and sends out screenshots of user activity
• Sends out logs by FTP or email
• Logs keystrokes
• Hides from the user
• Stays resident in background

Automatic WinWhatWhere removal:

remover for WinWhatWhere

WinWhatWhere manual removal:

Kill processes:
express.exe, il40.exe, msdfcng.exe, msegcng.exe, updsem.exe, winsutl.exe, xpress.exe
HELP:
how to kill malicious processes

Delete registry values:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinWhatWhere
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\msdfcng.exe
HELP:
how to remove registry entries

Delete files:
express.exe, il40.exe, msdfcng.exe, msegcng.exe, updsem.exe, winsutl.exe, xpress.exe, _isreg32.dll, winsdoc8.sys, winsdoc16.sys, winsdoc32.sys
HELP:
how to remove harmful files

Misc:
WinWhatWhere files can be found in C:\Windows\System\OLBE, C:\Windows\System32\OLBE or C:\Winnt\System32\OLBE directory.

Other programs to remove WinWhatWhere:

• SUPERAntiSpyware - Review - Download
• CounterSpy - Review - Download
• Windows Defender - Review - Download

Information added: 19/03/04
Information updated: 17/09/05

Additional resources related to WinWhatWhere:

Attention: If you know or you have a website or page about WinWhatWhere removal, feel free to add a link to this list: add url



more resources

Post Comment:

Attention: Use this form only if you have additional information about WinWhatWhere parasite, its removal instructions, additional resources or behavior. By clicking "post comment" button you agree not to post any copyrighted, unlawful, harmful, threatening, abusive, harassing, defamatory, vulgar, obscene, profane, hateful, racially, ethnically or otherwise objectionable material of any kind.



Enter security code:


Comments from visitors:

1. by Lenny. 2004-03-02 21:45:19
A very tricky keylogger.
Puts files all over the place. Uses the registry as a garbage dump.
Installs a whole lot of VB runtime modules and components to the victim machine.
Latest spyware news:
Similar parasites:
Latest Spyware Threats: VirusProtect Pro | VirusLocker | SpyCrush | ContraVirus | SpyLocked | SpyDawn | AntiVerminser | SpywareQuake | VirusBurst | AntiVermins | AntiVermeans | Zlob | PopCorn.net | MovieLand | TagASaurus | BraveSentry | VirusBurster | SystemDoctor | VirusRescue | MalwareWipe | SpySheriff | CmdService | Smitfraud | SpywareStrike | WinFixer | WinHound | PestTrap | UnSpyPC
Agreement of Use | Privacy policy | Webmasters | Contact us | RSS Feeds
© 2001-2008 2-spyware.com All Rights Reserved. Reproduction in part or whole without written permission is prohibited. Powered by: eSolutions.