Wininet.exe Removal

Trend Micro: TROJ_DROPPER.WTH

A Trojan dropper is a malicious file that tries to infect the target's system by anonymously downloading viruses to it and executing them. This Trojan is of that kind. It poses as a Microsoft Word document that provides information regarding the Development Issues of G-20 of Korea. The zip archive containing the Trojan is named G20IssuesPaper.zip and the document goes by the name Korean G20 Development Issue Paper.doc.

When the user opens the document, malicious code is executed along with it. This code adds a copy of itself to the temporary folder of the target's system and modifies the registry so that a process runs from this location at every startup. It tries to fool the user by naming itself as an Adobe update process.

The Trojan may propagate through e-mails or when the user downloads files from unknown sites. These sites add code to the Word document offered for download, and this code is executed when the document is opened. Hence, deleting the document is also necessary when the .exe file of the Trojan is removed. The malware can only execute on the commonly used Windows platforms such as XP and 2000. Though the Trojan is hard to spot among several Word documents, it can be easily deleted once detected. Follow the instructions given below to delete the Trojan.

Manual instructions to delete Wininet.exe:

  1. Rebooting the system in Safe Mode is always a good idea when you want to delete a virus from your computer, since it prevents unnecessary files from loading. If you have trouble booting in Safe Mode, see the related posts listed at the end.
  2. First, go to your temporary folder by typing %temp% in the Run box. Once the folder is open, delete the file Wininet.exe. If you cannot find it in the folder, use the Command Prompt to delete it, since the file might be hidden. Also search for the files Korean G20 Development Issue Paper.doc and G20IssuesPaper.zip. Delete these files so that you don't execute the Trojan again by mistake.
  3. Now that the files are deleted, it's time to remove the registry modifications the Trojan made to your computer. To do so, open Registry Editor from Start --> Run by typing regedit in the Run box. Navigate to the following location and delete the entry with the name AdobeUpdate:

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    AdobeUpdate = "%User Temp%\Wininet.exe"

     Since the code may not be injected into any of the system processes, no other registry modifications are made.
  4. This is it! You have successfully deleted the Trojan from your computer. Next time, be careful while downloading files from unknown websites.
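
The manual steps above can also be run as one PowerShell script. This is an added example, not part of the original post; the `-Remove` switch, the variable names and the choice to search the whole user profile for the document and archive are assumptions of this example.

```powershell
# Added example (not from the original post). Run as the affected user,
# ideally in Safe Mode so Wininet.exe is not running and locked.
# Without -Remove the script only reports what it finds.
param([switch]$Remove)

$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'AdobeUpdate'
$lureNames = 'Korean G20 Development Issue Paper.doc', 'G20IssuesPaper.zip'

# 1. Autorun entry: act only if the value really points at Wininet.exe, so a
#    legitimate entry that happens to share the name is not deleted blindly.
$props = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
$entry = if ($props) { $props.PSObject.Properties[$valueName] }
if ($entry -and $entry.Value -match '\\Wininet\.exe"?\s*$') {
    Write-Output "Run entry: $valueName = $($entry.Value)"
    if ($Remove) { Remove-ItemProperty -Path $runKey -Name $valueName }
} elseif ($entry) {
    Write-Output "Run entry $valueName points elsewhere, left alone: $($entry.Value)"
} else {
    Write-Output "No $valueName value under $runKey"
}

# 2. Dropped copy in the temporary folder. -Force lists hidden files too,
#    which is why Explorer may not show the file.
$hits = @(Get-ChildItem -Path $env:TEMP -Filter 'Wininet.exe' -Force -ErrorAction SilentlyContinue)

# 3. The lure document and its archive, wherever they were saved in the profile.
$hits += @(Get-ChildItem -Path $env:USERPROFILE -Recurse -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $lureNames -contains $_.Name })

foreach ($f in $hits) {
    Write-Output "File: $($f.FullName)"
    if ($Remove) { Remove-Item -LiteralPath $f.FullName -Force }
}
if ($hits.Count -eq 0) { Write-Output 'No matching files found.' }
```

Run it once without `-Remove` to review the findings, then again with `-Remove` to delete them.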

Posts that might help you here:
Enabling Safe Mode booting, Enabling the Registry, Enable Hidden files and folders option and Enabling the Command Prompt.