Exterminate It! Antimalware


Known threats:700,085 Last Update:March 01, 12:55


After scanning my computer many times using big name anti-virus and malware programs I still had several problems. Finally Exterminate It found multiple infections from NetSky. I sent Exterminate It a sample and the next day I received an e-mail instructing me to update and rescan. After following the instructions ZAP the worm/trojan was gone. My computer seems to be completly back to normal now. Good Job Exterminate It!


File: findwide.xml

Location of findwide.xml and Associated Malware

Check whether findwide.xml is present in the following locations:

Windows 2000, Windows XP, Windows Server 2003 specific findwide.xml file locations:

  • C:\Documents And Settings\USER_NAME\Application Data\mozilla\firefox\profiles\[%PROFILE_FOLDER%]\searchPlugins\findwide.xml

Windows Vista, Windows Server 2008, Windows 7, Windows 8 specific findwide.xml file locations:

  • C:\Users\USER_NAME\AppData\Roaming\mozilla\firefox\profiles\[%PROFILE_FOLDER%]\searchPlugins\findwide.xml

If you find findwide.xml file in any of these locations, your computer is very likely to be infected with the following malware:

IMPORTANT: Malware files can be camouflaged with the same file names as legitimate files. The findwide.xml file is associated with malware only if found in the locations listed above.


Different Variations of findwide.xml File^

File SizeFile Md5Last Seen
17183F9EBEF3769B54E15C47C4C8474343C4Apr 24, 2014
17189339A0E1837491599F4209236BA14012Apr 26, 2014
2062EBE1406D20CEFF76E582A7AD8443962BApr 26, 2014
171874FC17446B3538D927BDF3703CDFA2F9May 8, 2014
20624F8372468AE3F6E4F8C9184FD5173A61May 17, 2014
17188C6CCBAD51784B0A74CC549C2F3D756FMay 17, 2014
1718A7BF8BB3E2584A4FECB14DB6938B1BC2May 19, 2014
171862AD68FF18C8FDDF0561640D12CB8EEBMay 27, 2014
206221D8E0E233DBC3880F51A3F9671ADF8BMay 29, 2014
2062C697DD6A5F84036065AAE7B3602A33AFJun 25, 2014
206280407EFB032E7539374D04E4225E2A81Jun 29, 2014
1710A3586275D217D85B883051679A1CFE12Jul 26, 2014
2062466864244801C9DDAEED2F52133CC81CAug 7, 2014
20849A36581A05E1CC8BFF809FBFE5B93EE0Aug 16, 2014
20845ED61FFD8AF2381970D756082A704431Aug 25, 2014
20626BEFF56F4C6B6704BD4D747A848E2F41Sep 1, 2014
2084DFD26641002EB0C5333EA50AFF25C442Sep 7, 2014
1718B8228188C56450D2638F72F10048F888Sep 16, 2014
20849830912CD3FEB3507E276BB1FFB655CFSep 20, 2014
2084A707DAE9306AF51848A3F0CCA4DE557EOct 17, 2014
20840C4A5114398B4520AC3D6948F5546186Oct 20, 2014
2084767BACF35454C7C9111489C8EE9D8EC5Oct 28, 2014
1718B9D7FCAF26916B1ABFB2FA952FE472F4Nov 13, 2014
20843E39EE1E34CC7C0DC8EEF44D28542C2CNov 14, 2014
2084FF2CD7A003D9393E8B82077743D17661Dec 2, 2014
208481BB6CF6EF6F8C48C7DC01A5F2265F04Jan 15, 2015
20845A58D3F22D8E92691F061697F36A166DFeb 11, 2015
2084E7101238E83F7D2DF12C2B789DE92ECEMay 3, 2015
203999E9B3E4FE3A5767670514E3B763CD6AJun 1, 2015
213674EA3AA0FD29B52ACB88862FE011A90FJun 30, 2015
2084C971E3EC4B74340364D1411C0295E8D0Aug 2, 2015
2084E7246B778E90B08B33994B54DBA27014Aug 7, 2015
20974E6A75A4F9F637372451A0EABB886AB4Aug 9, 2015
20973A02175AE4F0BE7A33C0BE029C2261B9Aug 11, 2015
20849210B058A950C78FB6AD391746DA65D6Sep 1, 2015
491BCF3A0D4C51B23604F16E73C943BF2B2Sep 20, 2015
1718CD1F053D23C63C82988177D1D60285FEOct 12, 2015
2097058BD0429B7982E16B00391F6DFBD3E5Nov 7, 2015
2097B42A1369EDCDC0FB9A831B345B7058B1Nov 9, 2015
2084DA13D1D2BED0357203EF95BA291E8179Nov 26, 2015
2097337D76F6F999FA5A340E6FEF9C4FB6AAFeb 6, 2016
207244BA33E7E5D31EF948DE2B24263894FEMar 21, 2016
2084441FDAAA1EDDB1B05DD6C8DDEF2AB0EDMay 9, 2016
2062D89DF292EC1A79110F4C29867B261967May 13, 2016
2049616E259B0252222535D5C559A7E278F0May 15, 2016
2084434985E537875A7163FCD6F2C1FBA771May 25, 2016
2101204C981D1AA19FA835565536373617C3May 26, 2016
2084F176DE79876992CEC48A6FBD1F5159DDSep 14, 2016
2084C7EA7222CF90E02A09861EFDDC49AEAEOct 24, 2016
2049FD8639931F2222611C4A5A50D71330A9Nov 7, 2016
4781198FF9DF9E05E3B68E5187253DB4EEBNov 21, 2016
2084FBE607052C69ED73E79CE3818AFF36CFDec 20, 2016
2084B26E04EF2B5331E46DBAC988B4DF8B01Feb 6, 2017
443F85DA3172C804D0688FA90C1A7D6A133Apr 2, 2017
4784999BC6BE79136D73BCF71215BA72FF9May 29, 2017

Why Is It Important to Remove Malware Files?^

It is imperative that you delete malware-associated files as soon as possible because they can be used - or are already being used - to inflict serious damage on your PC, including:

  • Disrupting the normal functioning of the operating system or rendering it completely useless.
  • Hijacking valuable private information (credit card numbers, passwords, PIN codes, etc.)
  • Directing all your Web searches to the same unwanted or malicious sites.
  • Dramatically slowing down your computer.
  • Gaining total control of your PC to spread viruses and trojans and send out spam.

How to Remove findwide.xml^

  1. To enable deleting the findwide.xml file, terminate the associated process in the Task Manager as follows:
    • Right-click in the Windows taskbar (a bar that appears along the bottom of the Windows screen) and select Task Manager on the menu.
    • In the Tasks Manager window, click the Processes tab.
    • On the Processes tab, select findwide.xml and click End Process.
  2. Using your file explorer, browse to the file using the paths listed in Location of findwide.xml and Associated Malware.
  3. Select the file and press SHIFT+Delete on the keyboard.
  4. Click Yes in the confirm deletion dialog box.
  5. Repeat steps 2-4 for each location listed in Location of findwide.xml and Associated Malware.
  6. Notes:

    • The deletion of findwide.xml will fail if it is locked; that is, it is in use by some application (Windows will display a corresponding message). For instructions on deleting locked files, see Deleting Locked Files.
    • The deletion of findwide.xml will fail if your Windows uses the NT File System (NTFS) and you have no write rights for the file. Request your system administrator to grant you write rights for the file.

Deleting Locked Files^

You can delete locked files with the RemoveOnReboot utility. You can install the RemoveOnReboot utility from here.

After you delete a locked file, you need to delete all the references to the file in Windows registry.

To delete a locked file:

  1. Right-click on the file and select Send To -> Remove on Next Reboot on the menu.
  2. Restart your computer.

The file will be deleted on restart.

Note: In the case of complex viruses that can replicate themselves, malware files can reappear in the same locations even after you have deleted those files and restarted your computer. Exterminate It! Antimalware can effectively eradicate such viruses from your computer.

To remove all registry references to a findwide.xml malware file:

  1. On the Windows Start menu, click Run.
  2. In the Open box, type regedit and click OK. The Registry Editor window opens.
  3. On the Edit menu, select Find.
  4. In the Find dialog box, type findwide.xml. The name of the first found registry value referencing findwide.xml is highlighted in the right pane of the Registry Editor window.
  5. Right-click the registry value name and select Delete on the menu.
  6. Click Yes in the Confirm Value Delete dialog box.
  7. To delete all other references to findwide.xml, repeat steps 4-6.
IMPORTANT: Malware files can masquerade as legitimate files by using the same file names. To avoid deleting a harmless file, ensure that the Value column for the registry value displays exactly one of the paths listed in Location of findwide.xml and Associated Malware.