Virus Alert – WINSYS32.EXE

Winsys32.exe installs with the Backdoor.Cigivip virus. This virus gives a remote user access to your system. That user may try to capture passwords and log-in info for instant messaging programs including AOL Instant Messenger, MSN Messenger and ICQ. We'd recommend using WinPatrol to remove this file. First, go to your Active Tasks tab and kill the file there. Then go to your Startup Programs tab and remove the file there. Additional background information on this virus can be found at http://securityresponse.symantec.com/avcenter/venc/data/backdoor.cigivip.html.

Winsys32.exe also installs with WORM_RBOT.BD. This worm spreads across weakly protected networks. It can allow a remote user to access your system via an IRC port. This user may attempt to capture CD keys for popular games. We'd recommend removing this file using WinPatrol. Additional background information can be found at http://uk.trendmicro-europe.com/enterprise/security_info/ve_detail.php?id=59982&VName=WORM_RBOT.BD&VSect=T.

Some also categorize this file as RedShell. More info on that can be found at http://www.pestpatrol.com/PestInfo/r/redshell_1_0.asp.
