English | Deutsch


How to remove the win32 virus


Most antivirus programs identify win32.exe as malware, e.g. Symantec identifies it as Trojan.Adclicker or Downloader, and Microsoft identifies it as TrojanSpy:Win32/Malintent or TrojanClicker:Win32/Hatigh.C.
The free file information forum can help you find out how to remove it. If you know more about this file, please leave a comment or a hint for other users.

Click to Run a Free Virus Scan for the win32.exe malware


Win32.exe file information

The process known as FAH4.00 belongs to software Windows Update or Win32k.exe or Folding@home Client or AOL Instant Messenger by Stanford University (www.stanford.edu).

Description: win32.exe is located in the folder C:\Windows\System32. Known file sizes on Windows 7/XP are 15,360 bytes (29% of all occurrences), 1,389,047 bytes and 8 more variants. http://www.file.net/process/win32.exe.html 
There is no information about the author of the file. The file is not a Windows system file. The program starts upon Windows startup (see Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce, HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run, HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Runonce). The program has no visible window. The file is an unknown file in the Windows folder. Program listens for or sends data on open ports to a LAN or the Internet. win32.exe is able to monitor applications, hide itself, record inputs and manipulate other programs. Therefore the technical security rating is 77% dangerous, however also read the users reviews.

Recommended: Identify win32.exe related errors

If win32.exe is located in a subfolder of "C:\Documents and Settings", the security rating is 72% dangerous. The file size is 22,528 bytes (30% of all occurrences), 7,755 bytes and 5 more variants. The application has no file description. Win32.exe is not a Windows core file. The program is not visible. Program listens for or sends data on open ports to a LAN or the Internet. win32.exe is able to manipulate other programs and monitor applications.

If win32.exe is located in a subfolder of "C:\Program Files", the security rating is 39% dangerous. The file size is 245,760 bytes (66% of all occurrences), 9,826 bytes or 21,508 bytes. The program is not visible. It is not a Windows core file. Program can be uninstalled in the Control Panel. win32.exe is able to monitor applications and manipulate other programs.
In the event of any problems with win32.exe, you can also remove the entire program Win32 or AOL Instant Messenger using Windows Control Panel.

If win32.exe is located in the folder C:\Windows, the security rating is 89% dangerous. The file size is 28,672 bytes (50% of all occurrences), 119,296 bytes, 10,129 bytes or 737,280 bytes.

If win32.exe is located in a subfolder of C:\Windows, the security rating is 83% dangerous. The file size is 5,269 bytes (20% of all occurrences), 7,723 bytes, 6,501 bytes, 6,411,212 bytes or 6,376 bytes.

If win32.exe is located in C:\, the security rating is 56% dangerous. The file size is 6,830,087 bytes.

If win32.exe is located in a subfolder of C:\, the security rating is 69% dangerous. The file size is 1,613,824 bytes (50% of all occurrences) or 284,672 bytes.

If win32.exe is located in the Windows Temp folder, the security rating is 56% dangerous. The file size is 36,868 bytes.

If win32.exe is located in the folder C:\Windows\System32\drivers, the security rating is 68% dangerous. The file size is 20,480 bytes (50% of all occurrences) or 14,848 bytes.

If win32.exe is located in the folder "C:\Program Files", the security rating is 82% dangerous. The file size is 275,968 bytes.

If win32.exe is located in a subfolder of C:\Windows\System32, the security rating is 46% dangerous. The file size is 428,544 bytes.

External information from Paul Collins:
There are different files with the same name:

  • "WIN32" definitely not required. Added by the RATEGA TROJAN!
  • "Win32" definitely not required. Added by the ISRAZ.A WORM!
  • "win32.exe" definitely not required. Added by the STARTPAGE TROJAN!
  • "winprotect" definitely not required. Added by the MUGLY.E WORM!

Important: Some malware camouflages itself as win32.exe, particularly when located in the c:\windows or c:\windows\system32 folder. Therefore, you should check the win32.exe process on your PC to see if it is a threat. We recommend Security Task Manager for verifying your computer's security. This was one of the Top Download Picks of The Washington Post and PC World.



Score

User Comments

messinger virus
  rob  
It was scanned by my spyware and had a "status" of "Trojan"
   
It is a componant of the MSN Messenger virus. Although I deleted it, it still shows up on my Task Manager as 'inactive'. Its path on my computer is 'C:\windows\xml2\'. That folder contains 'explorer32.exe' (which is the most dangerous componant I think), 'win32.exe' and 'system32.exe'. If you have this virus, go to that folder, block all incoming and outcoming traffic with your firewall and permanently delete the folder and all of it's componants.
  $hab  
error in downloading windows updates
   
i got a case that it hides within the recycles folder in each drive
  evan  
is a keylogger
  NG  
it crashed my friends computer after she tried to factory set it.
  Masako  
has robbed my info/hard to remove
  mickey  
wdelmgr20.exe download
   
it is a virus that self manipulate the computer
  Sheila  
I need it run a game called "Combat Arms".
  Johnny  
good software
  nawal  
Rating chart


Summary: Average user rating of win32.exe: based on 26 votes with 12 reviews.
10 users think win32.exe is essential for Windows or an installed application. 2 users think it's probably harmless. 1 user think it's neither essential nor dangerous. 4 users suspect danger. 9 users think win32.exe is dangerous and recommend removing it. 2 users doesn't grade win32.exe ("not sure about it").


Do you have additional information?
What do you know about win32.exe: 
How do you rate it: 
Link for more info's: 
Your Name: 


Win32 scanner


Security Task Manager shows all running Windows tasks including embedded hidden functions (e.g. keyboard or browser monitoring, autostart entry). A unique security risk rating indicates the likelihood of the process being potential spyware, malware, keylogger or a Trojan.

MalwareBytes detects and removes sleeping spyware, adware, trojans, keyloggers, malware and tracking threats from your hard disk. Ideal supplement to Security Task Manager.

SpeedUpMyPC scans, cleans, repairs and optimizes your computer.


Other processes


win32.exe [all]