• Undesirable program

    WINLIVE.EXE Information

    This is an undesirable program.

    This file has been identified as a program that is undesirable to have running on your computer. This category includes programs that are misleading, harmful, or undesirable.

    If the description states that it is a piece of malware, you should immediately run an antivirus and antispyware program. If that does not help, feel free to ask us for assistance in the forums.

  • Name
    Local area connection
  • Filename
    winlive.exe
  • Command
    winlive.exe
  • Description
    Added by the W32/Rbot-FPH worm and IRC backdoor.

    W32/Rbot-FPH spreads to other network computers via:

    - exploits for common buffer overflow vulnerabilities, including ASN.1 (MS04-007)
    - networks protected by weak passwords

    W32/Rbot-FPH includes functionality to:

    - access the internet and communicate with a remote server via HTTP
    - act as a proxy redirecting internet traffic
    - terminate security and anti-virus related processes
    - perform DDoS attacks
    - log keypresses
    - set up an FTP server
    - harvest clipboard data
    - start a remote shell (RLOGIN)
    - scan ports
    - sniff packets
    - download/execute arbitrary files
  • File Location
    %WinDir%
  • Startup Type
    This startup entry is started automatically from a Run, RunOnce, RunServices, or RunServicesOnce entry in the registry.
  • HijackThis Category
    O4 Entry
  • Note
    %WinDir% refers to the Windows installation folder. By default, this is C:\Windows for Windows 95/98/ME/XP/Vista/7 or C:\Winnt for Windows NT/2000.
  • This entry has been requested 5,023 times.

Disclaimer

It is assumed that users are familiar with the operating system they are using and comfortable with making the suggested changes. BleepingComputer.com will not be held responsible if changes you make cause a system failure.

This is NOT a list of tasks/processes taken from Task Manager or the Close Program window (CTRL+ALT+DEL) but a list of startup applications, although you will find some of them listed via this method. Pressing CTRL+ALT+DEL identifies programs that are currently running - not necessarily at startup. Therefore, before ending a task/process via CTRL+ALT+DEL just because it has an "X" recommendation, please check whether it's in MSCONFIG or the registry first. An example would be "svchost.exe" - which doesn't appear in either under normal conditions but does via CTRL+ALT+DEL. If in doubt, don't do anything.
