|Trojan.Wintrash is a Gentee installer which drops files that damage Windows.
It causes Windows to restart immediately each time you try to start it.
This Trojan also disables critical registry keys.
When Trojan.Wintrash runs, it performs the following actions:
Displays a black bitmap that masks the screen and the activities that the Trojan performs.
Drops the following files: %Windir%\temp\chichie.cxe; %Windir%\temp\chidk.cxe; %Windir%\temp\winfd.cxe; %System%\msgsrv.cxe; %Windir%\xfwfm.cxe;
Changes the Value data of these registry keys to prevent you from editing the Windows registry:
Adds the value: "MSGSRV" = "MSGSRV.CXE"
to these registry keys:
Creates the registry key: HKEY_CLASSES_ROOT\.cxe
with the value: "(Default)"="exefile"
so that the files that have the .cxe extension run as executables.
Changes the Value data of: HKEY_CLASSES_ROOT\.exe
so that .exe files do not run, and the Trojan runs each time you try to run any .exe file.
Adds the values:
"NoRun" = dword:00000001
"NoDrives" = dword:00000001
to the registry key:
This causes Windows to shut down immediately after starting and causes any Windows display of drive icons to not include any hard drives associated with the system. Data on the drives is not affected, only the way Windows is displayed. Drive information is still available from native DOS on Windows 95/98/Me.
Removal: Please manual delete all registry keys described above.
Still have a problem? Ask for help at our discussion forum.