Dewin

Threat description

Details

CATEGORYMalware
TYPEBackdoor

Summary

Dewin is a backdoor that can be used by an attacker to install unwanted programs from a website to the victim machine. When started it copies itself to Windows Directory as 'Winreg.exe'. This copy of the file is added to the registry as

'HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SystemReg'  


Removal

- Locate and remove the registry key

'HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SystemReg'  

- Reboot the machine

- Instruct F-Secure Anti-Virus to delete the infected file

Detection

F-Secure Anti-Virus can detect this backdoor with the latest updates.

Submit a Sample

Suspect a file or URL was wrongly detected?
Send it to our Labs for further analysis

Submit a Sample

Give And Get Advice

Give advice. Get advice. Share the knowledge on our free discussion forum.

More Info