Eng
  1. Skip to navigation
  2. Skip to content
  3. Skip to sidebar


Dewin


Aliases:


Dewin
Backdoor.Dewin

Malware
Backdoor
W32

Summary

Dewin is a backdoor that can be used by an attacker to install unwanted programs from a website to the victim machine. When started it copies itself to Windows Directory as 'Winreg.exe'. This copy of the file is added to the registry as

'HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SystemReg'



Disinfection & Removal

- Locate and remove the registry key

'HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SystemReg'

- Reboot the machine

- Instruct F-Secure Anti-Virus to delete the infected file





Detection

F-Secure Anti-Virus can detect this backdoor with the latest updates.



Technical Details: F-Secure Corp.; April 15th, 2002



Submit a sample




Wondering if a file or URL is malicious? Submit a sample to our Lab for analysis via the Sample Analysis System (SAS)

Give And Get Advice




Give advice. Get advice. Share the knowledge on our free discussion forum.