How to remove the winsystem virus

Most antivirus programs identify winsystem.exe as malware, for example Microsoft identifies it as Trojan:Win32/Trafog!rts or VirTool:Win32/Vbcrypt.I, and Symantec identifies it as Trojan.Gen or Trojan Horse.
The free file information forum can help you find out how to remove it. If you know more about this file, please leave a comment or a hint for other users.

Click to Run a Free Virus Scan for the winsystem.exe malware

Winsystem.exe file information

The process known as DATABASE Microsoft or Microsoft Library Component or Microsoft Printing Service appears to be part of software DATABASE or Microsoft Windows Operating System or SystemManagement by Microsoft (www.microsoft.com).

Description: winsystem.exe is located in the folder C:\Windows. Known file sizes on Windows 7/XP are 61,440 bytes (44% of all occurrences), 223,232 bytes, 28,672 bytes, 138,240 bytes or 19,456 bytes.
There is no information about the author of the file. The program is not visible. It is located in the Windows folder, but it is not a Windows core file. The process is loaded during the Windows boot process (see Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, C:\Windows\win.ini, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command). File winsystem.exe is not a Windows system file. winsystem.exe is able to monitor applications, record inputs and hide itself. Therefore the technical security rating is 79% dangerous, however also read the users reviews.

Recommended: Identify winsystem.exe related errors

If winsystem.exe is located in the folder C:\Windows\System32, the security rating is 57% dangerous. The file size is 100,063 bytes (40% of all occurrences), 239,130 bytes, 89,088 bytes or 90,112 bytes. The process starts upon Windows startup (see Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, C:\Windows\win.ini, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command). It is not a Windows core file. Winsystem.exe is an unknown file in the Windows folder. The program is not visible. winsystem.exe is able to hide itself, monitor applications, manipulate other programs and record inputs.

If winsystem.exe is located in a subfolder of "C:\Documents and Settings", the security rating is 44% dangerous. The file size is 233,472 bytes (25% of all occurrences), 187,392 bytes, 245,761 bytes or 290,816 bytes. There is no file information. The program starts upon Windows startup (see Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices, C:\Windows\win.ini, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit, HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command). File winsystem.exe is not a Windows core file. winsystem.exe is able to record inputs and manipulate other programs.

If winsystem.exe is located in a subfolder of "C:\Program Files", the security rating is 60% dangerous. The file size is 187,392 bytes.

If winsystem.exe is located in a subfolder of the "My Files" folder, the security rating is 60% dangerous. The file size is 187,392 bytes.

External information from Paul Collins:
There are different files with the same name:

"Windows System Manager" definitely not required. Added by the RBOT-AN WORM!
"WinSystem" definitely not required. Added by the WHITEBAIT WORM!
"Winsystem" definitely not required. Added by the BANCOS.CR TROJAN!

Important: Some malware camouflages itself as winsystem.exe, particularly when located in the c:\windows or c:\windows\system32 folder. Therefore, you should check the winsystem.exe process on your PC to see if it is a threat. We recommend Security Task Manager for verifying your computer's security. This was one of the Top Download Picks of The Washington Post and PC World.

Score

User Comments

W32/Whitebait.gen@MM This mass-mailing worm drops a remote access trojan and attempts to send itself to email addresses found within files on the local system. Currently this worm is incapable of emailing itself to others due to the fact that the hard coded mail server used (smtp.wanadoo.fr) has turned relaying off.
bowZZer (further information)

WINDOWS \System32\nbggup.dll
schober

It is a trojan that spams email out randomly
Boohaha (further information)

Summary: Average user rating of winsystem.exe: based on 3 votes with 3 reviews.

1 user suspect danger. 2 users think winsystem.exe is dangerous and recommend removing it.

Winsystem scanner

Security Task Manager shows all running Windows tasks including embedded hidden functions (e.g. keyboard or browser monitoring, autostart entry). A unique security risk rating indicates the likelihood of the process being potential spyware, malware, keylogger or a Trojan.

Spyware Doctor detects and removes sleeping spyware, adware, trojans, keyloggers, malware and tracking threats from your hard disk. Ideal supplement to Security Task Manager.

SpeedUpMyPC scans, cleans, repairs and optimizes your computer.

Other processes