How to remove the win32 virus
Most antivirus programs identify win32.exe as malware, e.g. Symantec identifies it as Trojan.Adclicker or Downloader, and Microsoft identifies it as TrojanSpy:Win32/Malintent or TrojanClicker:Win32/Hatigh.C.
The free file information forum can help you find out how to remove it. If you know more about this file, please leave a comment or a hint for other users.
Click to Run a Free Virus Scan for the win32.exe malware
Win32.exe file information
The process known as FAH4.00 belongs to software Windows Update or Win32k.exe or Folding@home Client or AOL Instant Messenger by Stanford University (www.stanford.edu).
Description: win32.exe is located in the folder C:\Windows\System32.
Known file sizes on Windows 7/XP are 15,360 bytes (29% of all occurrences), 1,389,047 bytes and 8 more variants.
There is no information about the author of the file. The file is not a Windows system file. The program starts upon Windows startup (see Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run, HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Runonce).
The program has no visible window. The file is an unknown file in the Windows folder. Program listens for or sends data on open ports to a LAN or the Internet.
win32.exe is able to monitor applications, hide itself, record inputs and manipulate other programs.
Therefore the technical security rating is 77% dangerous, however also read the users reviews.
Recommended: Identify win32.exe related errors
If win32.exe is located in a subfolder of "C:\Documents and Settings", the security rating is 72% dangerous. The file size is 22,528 bytes (30% of all occurrences), 7,755 bytes and 5 more variants. The application has no file description. Win32.exe is not a Windows core file. The program is not visible. Program listens for or sends data on open ports to a LAN or the Internet. win32.exe is able to manipulate other programs and monitor applications.
If win32.exe is located in a subfolder of "C:\Program Files", the security rating is 39% dangerous. The file size is 245,760 bytes (66% of all occurrences), 9,826 bytes or 21,508 bytes.
The program is not visible. It is not a Windows core file. Program can be uninstalled in the Control Panel.
win32.exe is able to monitor applications and manipulate other programs.
In the event of any problems with win32.exe, you can also remove the entire program Win32 or AOL Instant Messenger using Windows Control Panel.
If win32.exe is located in the folder C:\Windows, the security rating is 89% dangerous. The file size is 28,672 bytes (50% of all occurrences), 119,296 bytes, 10,129 bytes or 737,280 bytes.
If win32.exe is located in a subfolder of C:\Windows, the security rating is 83% dangerous. The file size is 5,269 bytes (20% of all occurrences), 7,723 bytes, 6,501 bytes, 6,411,212 bytes or 6,376 bytes.
If win32.exe is located in C:\, the security rating is 56% dangerous. The file size is 6,830,087 bytes.
If win32.exe is located in a subfolder of C:\, the security rating is 69% dangerous. The file size is 1,613,824 bytes (50% of all occurrences) or 284,672 bytes.
If win32.exe is located in the Windows Temp folder, the security rating is 56% dangerous. The file size is 36,868 bytes.
If win32.exe is located in the folder C:\Windows\System32\drivers, the security rating is 68% dangerous. The file size is 20,480 bytes (50% of all occurrences) or 14,848 bytes.
If win32.exe is located in the folder "C:\Program Files", the security rating is 82% dangerous. The file size is 275,968 bytes.
If win32.exe is located in a subfolder of C:\Windows\System32, the security rating is 46% dangerous. The file size is 428,544 bytes.
External information from Paul Collins:
There are different files with the same name:
- "WIN32" definitely not required. Added by the RATEGA TROJAN!
- "Win32" definitely not required. Added by the ISRAZ.A WORM!
- "win32.exe" definitely not required. Added by the STARTPAGE TROJAN!
- "winprotect" definitely not required. Added by the MUGLY.E WORM!
Important: Some malware camouflages itself as win32.exe, particularly when located in the c:\windows or c:\windows\system32 folder. Therefore, you should check the win32.exe process on your PC to see if it is a threat. We recommend Security Task Manager for verifying your computer's security. This was one of the Top Download Picks of The Washington Post and PC World.
Score
User Comments
$hab
evan
NG
Masako
mickey
Sheila
Johnny
nawal
Win32 scanner
Security Task Manager shows all running Windows tasks including embedded hidden functions (e.g. keyboard or browser monitoring, autostart entry). A unique security risk rating indicates the likelihood of the process being potential spyware, malware, keylogger or a Trojan. MalwareBytes detects and removes sleeping spyware, adware, trojans, keyloggers, malware and tracking threats from your hard disk. Ideal supplement to Security Task Manager. SpeedUpMyPC scans, cleans, repairs and optimizes your computer. |
Other processes
elbycdfl.sys opvapp.exe wzcbdls.exe win32.exe gebcb.dll cinemsup.sys imsmain.exe bh309190.dll dne2000.sys asuswsservice.exe ddccy.dll [all]
rob