English | Deutsch


How to remove the winsys32 virus


Most antivirus programs identify winsys32.exe as malware, for instance Kaspersky identifies it as Backdoor.Win32.Rbot.cof or Trojan-Dropper.Win32.Agent.biqm, and Symantec identifies it as W32.Spybot.Worm or Trojan Horse.
The free file information forum can help you find out how to remove it. If you know more about this file, please leave a comment or a hint for other users.

Click to Run a Free Virus Scan for the winsys32.exe malware


Winsys32.exe file information

The process known as RZ7tLty appears to be part of software TatkVCS14h by GZ93YnT8K.

Description: The file winsys32.exe is located in the folder C:\Windows\System32 or sometimes in a subfolder of C:\Windows. Known file sizes on Windows 7/XP are 66,048 bytes (50% of all occurrences), 1,341,518 bytes, 148,655 bytes or 71,680 bytes. http://www.file.net/process/winsys32.exe.html 
There is no file information. The program has no visible window. File winsys32.exe is located in the Windows folder, but it is not a Windows core file. File winsys32.exe is not a Windows core file. The application starts upon Windows startup (see Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices). winsys32.exe is able to record inputs, hide itself and monitor applications. Therefore the technical security rating is 90% dangerous, however also read the users reviews.

Recommended: Identify winsys32.exe related errors

If winsys32.exe is located in the folder C:\Windows\System32\drivers, the security rating is 80% dangerous. The file size is 45,056 bytes. There is no description of the program. The program is not visible. The file is located in the Windows folder, but it is not a Windows core file. The application starts upon Windows startup (see Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices). It is not a Windows core file.

If winsys32.exe is located in a subfolder of C:\Windows\System32, the security rating is 36% dangerous. The file size is 864,256 bytes. The program has a visible window. File winsys32.exe is a file without information about the developer of this file. The program starts upon Windows startup (see Registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run, HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices). It is not a Windows system file. winsys32.exe seems to be a compressed file.

External information from Paul Collins:
There are different files with the same name:

  • "Config Loadr" definitely not required. Added by the AGOBOT-HN WORM!
  • "Microsoft Update" definitely not required. Added by a variant of the RBOT WORM!
  • "Windows Networking" definitely not required. Added by the GAOBOT.FL WORM!
  • "WinSys32" definitely not required. Added by the CIGIVIP TROJAN or RECKUS WORM!
  • "winsys32 Driver" definitely not required. Added by the LOONY-O TROJAN!

Important: Some malware camouflages itself as winsys32.exe, particularly when located in the c:\windows or c:\windows\system32 folder. Therefore, you should check the winsys32.exe process on your PC to see if it is a threat. We recommend Security Task Manager for verifying your computer's security. This was one of the Top Download Picks of The Washington Post and PC World.



Score

User Comments

Backdoordreck
   
It is a trojan used in R.A.T.s etc.
  Anonymous  


2 users doesn't grade winsys32.exe ("not sure about it").


Do you have additional information? Help other users!
What do you know about winsys32.exe: 
How do you rate it: 
Link for more info's: 
Your Name: 


Winsys32 scanner


Security Task Manager shows all running Windows tasks including embedded hidden functions (e.g. keyboard or browser monitoring, autostart entry). A unique security risk rating indicates the likelihood of the process being potential spyware, malware, keylogger or a Trojan.

Spyware Doctor detects and removes sleeping spyware, adware, trojans, keyloggers, malware and tracking threats from your hard disk. Ideal supplement to Security Task Manager.

SpeedUpMyPC scans, cleans, repairs and optimizes your computer.


Other processes


winsys32.exe [all]