Exterminate It! Antimalware


Known threats:700,085 Last Update:March 01, 12:55


You guys finally did it!!! Your July 27 update completely removed the Softwarerefferal virus from my computer. I had tried (with no success) several anti-virus programs. I really appreciate your quick response and good work. Keep it up!! Thanks so much!

John K. D.

File: winsub.xml

Location of winsub.xml and Associated Malware

Check whether winsub.xml is present in the following locations:

winsub.xml file locations that are Windows version independent:

  • C:\Windows\System32\winsub.xml

If you find winsub.xml file in any of these locations, your computer is very likely to be infected with the following malware:

IMPORTANT: Malware files can be camouflaged with the same file names as legitimate files. The winsub.xml file is associated with malware only if found in the locations listed above.


Different Variations of winsub.xml File^

File SizeFile Md5Last Seen
4488FE942BB0209447D16F49DED34DB86Dec 18, 2009
446B471600D627D100E600168DD076B13Dec 18, 2009
43098AF04F9A91F05B2349C546FB949FEDec 24, 2009
43F236D554457E1A53B8B4FD403AA0857Dec 30, 2009
4F22A11179C310CD3681C8EAD083C839EJan 9, 2010
4206E1A6D956C9C9BFFCD676AD856AF1AJan 10, 2010
47CF8D46C8FE42B0C56433BE3E5ACA701Jan 20, 2010
413C23D8A9F0360D5F04EA129ADF0E11CJan 24, 2010
42EB61532A8EAEE7F449CB40C2302E560Feb 10, 2010
4B32F5906EAA4F393C0EB99A301357A1EFeb 11, 2010
4437B3E72652A1041A0467CA9202DA575Mar 28, 2010
401982EBB71C8E8F38D8EF37559E57F73Mar 30, 2010
43AACA9290319ECB7544625DE1093435AApr 19, 2010
461FFE0F6582CBDECE0FF540513A22136Apr 20, 2010
4451E774A642BD3F8F70589DB5FAFBD37Jun 4, 2010
47AD91508BE9B33A6D33C6A3184D3FE4FJun 7, 2010
4C4F27320E408B4EC885F9EA493D6B76EJun 8, 2010
43ADD2662855514A69A0777E2624FB29DJul 4, 2010
4BF3B84BB846966D8006731FE6D237150Jul 13, 2010
4B6693C1B52D3D02DF3CE9399C88757C8Aug 3, 2010
47654E658EBC0953964D37AA29F62153FAug 27, 2010
4DED500C3DB24AC32E06DA81791D28755Sep 6, 2010
46CC26ADDC8385D7F4F1778D7BA1BFE3DOct 10, 2010
47ACE93D82DB32260FAEFCC476861727DOct 27, 2010
4FDB1A556CFFDD0BF72F7AF9967E12F61Oct 27, 2010
4D2487603421FBAB22D3591D838905D15Nov 2, 2010
4CFC95A4EED2CDAD96E13C70B0FF66E98Nov 29, 2010
4D5D260CCF87CC046F7BD73A4EDC70C79Dec 13, 2010
4151182115F1EDEB4195D6A28FD70E5DCDec 14, 2010
4820EF4C496445AACFE503474C1188A98Dec 14, 2010
4974A3D433E6975DC18B09F696B668AB2Dec 19, 2010
6553672C7917475FE16A3C88FF29BB58F8E95Dec 19, 2010
4DC7D1C664447F26033332BD407311FD6Jan 18, 2011
44513E8F837FD453FD1E2781893023F1EJan 23, 2011
4D268D9B5742AC1CD53ABAB571D4318C6Feb 9, 2011
4F68FF8A9217320450CF3240F790A414CFeb 11, 2011
49CACE804483E5D79B420BA5FB8A9C71FMar 5, 2011
4AA3853A67474D67FA5FAD719E3A0BD8EMar 7, 2011
457CAD61B9F57981AA3DA2D17E52F1F20Apr 6, 2011
4CD6A389695C6944EACD90C414A07594EApr 9, 2011
42BE9A6B9A8A8FD2314D1F5AFAD4EA726Apr 25, 2011
48E3C4643E0C57843DAB2460BED153346Apr 29, 2011
4D95F069093AAB131560CD7C5F6B95DFBMay 14, 2011
49E0B06ABA00D7561DB6FACB156DE68EFJul 14, 2011
495B5877BEB3E3245451C71E2C5BCF696Nov 25, 2011
49209C4E32B59B2D28C8F4A08302E494EDec 8, 2011
4ACFB0F385DCADD330729BCAEEB30F7CCFeb 19, 2012
44336913B2BD8E5E3524817A106F44F58May 1, 2012
4C3263668AAAB19F4556A1E3C8A12F7E3Jul 20, 2012
4B2A52154FAF4082765435747A79B4424Dec 24, 2012
44B91F38427BA543915261F7762CC49EAAug 3, 2013

Why Is It Important to Remove Malware Files?^

It is imperative that you delete malware-associated files as soon as possible because they can be used - or are already being used - to inflict serious damage on your PC, including:

  • Disrupting the normal functioning of the operating system or rendering it completely useless.
  • Hijacking valuable private information (credit card numbers, passwords, PIN codes, etc.)
  • Directing all your Web searches to the same unwanted or malicious sites.
  • Dramatically slowing down your computer.
  • Gaining total control of your PC to spread viruses and trojans and send out spam.

How to Remove winsub.xml^

  1. To enable deleting the winsub.xml file, terminate the associated process in the Task Manager as follows:
    • Right-click in the Windows taskbar (a bar that appears along the bottom of the Windows screen) and select Task Manager on the menu.
    • In the Tasks Manager window, click the Processes tab.
    • On the Processes tab, select winsub.xml and click End Process.
  2. Using your file explorer, browse to the file using the paths listed in Location of winsub.xml and Associated Malware.
  3. Select the file and press SHIFT+Delete on the keyboard.
  4. Click Yes in the confirm deletion dialog box.
  5. Repeat steps 2-4 for each location listed in Location of winsub.xml and Associated Malware.
  6. Notes:

    • The deletion of winsub.xml will fail if it is locked; that is, it is in use by some application (Windows will display a corresponding message). For instructions on deleting locked files, see Deleting Locked Files.
    • The deletion of winsub.xml will fail if your Windows uses the NT File System (NTFS) and you have no write rights for the file. Request your system administrator to grant you write rights for the file.

Deleting Locked Files^

You can delete locked files with the RemoveOnReboot utility. You can install the RemoveOnReboot utility from here.

After you delete a locked file, you need to delete all the references to the file in Windows registry.

To delete a locked file:

  1. Right-click on the file and select Send To -> Remove on Next Reboot on the menu.
  2. Restart your computer.

The file will be deleted on restart.

Note: In the case of complex viruses that can replicate themselves, malware files can reappear in the same locations even after you have deleted those files and restarted your computer. Exterminate It! Antimalware can effectively eradicate such viruses from your computer.

To remove all registry references to a winsub.xml malware file:

  1. On the Windows Start menu, click Run.
  2. In the Open box, type regedit and click OK. The Registry Editor window opens.
  3. On the Edit menu, select Find.
  4. In the Find dialog box, type winsub.xml. The name of the first found registry value referencing winsub.xml is highlighted in the right pane of the Registry Editor window.
  5. Right-click the registry value name and select Delete on the menu.
  6. Click Yes in the Confirm Value Delete dialog box.
  7. To delete all other references to winsub.xml, repeat steps 4-6.
IMPORTANT: Malware files can masquerade as legitimate files by using the same file names. To avoid deleting a harmless file, ensure that the Value column for the registry value displays exactly one of the paths listed in Location of winsub.xml and Associated Malware.