Exterminate It! Antimalware

malpedia

Known threats:699,742 Last Update:October 20, 11:34

Testimonials

Dear Jean,

Thank you for your follow-up. I did indeed use the Submit State feature last night and this morning, your team sent me instructions to run an 'update' and then re-run Exterminate It! on the PC. I just finished that process and the new update wiped it out. I ran my regular anti-spy/anti-virus to double-check and it wasn't able to detect it either. I appreciate the support from both you and your team.

Linda D.

File: WinThruster_DEFAULT

Location of WinThruster_DEFAULT and Associated Malware

Check whether WinThruster_DEFAULT is present in the following locations:

WinThruster_DEFAULT file locations that are Windows version independent:

  • C:\Windows\System32\TASKS\WinThruster_DEFAULT

If you find WinThruster_DEFAULT file in any of these locations, your computer is very likely to be infected with the following malware:

IMPORTANT: Malware files can be camouflaged with the same file names as legitimate files. The WinThruster_DEFAULT file is associated with malware only if found in the locations listed above.

Notes:

Different Variations of WinThruster_DEFAULT File^

File SizeFile Md5Last Seen
2956A1CB7E82DE482831BFC9933D2A803284May 10, 2016
2856BDC266FF7273F34C28CD7FE6D10428C3May 13, 2016
291864C28A21F1FEEF448AA904D46E1D37D0May 18, 2016
28580EEC9C4D5435599E0763DE3A3FEDD3C7May 23, 2016
2928AF666E96DFECFE34573BD188DE66CA71May 24, 2016
2850B3DE699FCF43EC396F1ED431DBF4DDA1May 31, 2016
290229E6468187630C3846B6A8F6830E94FFJun 12, 2016
2862E6525382B463BCC1A8A1065309347AFFJun 29, 2016
28388D2A0CCE175545E9368F6B2415D8B527Jul 15, 2016
28568612AD887087741AD6D7AFA76C17C944Jul 15, 2016
2944943D4F7BB3B119C8F10AFDA9D99BA1EDAug 2, 2016
28505EEAB338D9E62E29C28F68023C9B1E16Aug 17, 2016
2862AD72D485E3F0BBE0F7D2996621A8E193Sep 16, 2016
2952BE9B104D260C921C1F9259DCE52DE7E3Sep 18, 2016
28303951B6D9F5F51B5CB7344A85C53ADA4ASep 18, 2016
28723B8FB90D795BF076FD4AC15CCE4DED85Sep 25, 2016
2838A41E1D1538BEC1C298AF47A17CA4FF8ESep 28, 2016
2856242101F3F88FFFC0966E2BB6A652081ASep 29, 2016
2862B8A63734D48E9E8A9687EE35B7BC91E5Oct 21, 2016
28800E012EDD25FC9E3AFB2E3405B20F1EDBMar 2, 2017
2904BF575C06BFAC1662116DDBEBE1EF4C47Mar 16, 2017
28748567D09396487B69512CF8A475F4C935May 2, 2017
3004E5635260F65782CEDC78DCB0A7A78BEFMay 26, 2017

Why Is It Important to Remove Malware Files?^

It is imperative that you delete malware-associated files as soon as possible because they can be used - or are already being used - to inflict serious damage on your PC, including:

  • Disrupting the normal functioning of the operating system or rendering it completely useless.
  • Hijacking valuable private information (credit card numbers, passwords, PIN codes, etc.)
  • Directing all your Web searches to the same unwanted or malicious sites.
  • Dramatically slowing down your computer.
  • Gaining total control of your PC to spread viruses and trojans and send out spam.

How to Remove WinThruster_DEFAULT^

  1. To enable deleting the WinThruster_DEFAULT file, terminate the associated process in the Task Manager as follows:
    • Right-click in the Windows taskbar (a bar that appears along the bottom of the Windows screen) and select Task Manager on the menu.
    • In the Tasks Manager window, click the Processes tab.
    • On the Processes tab, select WinThruster_DEFAULT and click End Process.
  2. Using your file explorer, browse to the file using the paths listed in Location of WinThruster_DEFAULT and Associated Malware.
  3. Select the file and press SHIFT+Delete on the keyboard.
  4. Click Yes in the confirm deletion dialog box.
  5. Repeat steps 2-4 for each location listed in Location of WinThruster_DEFAULT and Associated Malware.
  6. Notes:

    • The deletion of WinThruster_DEFAULT will fail if it is locked; that is, it is in use by some application (Windows will display a corresponding message). For instructions on deleting locked files, see Deleting Locked Files.
    • The deletion of WinThruster_DEFAULT will fail if your Windows uses the NT File System (NTFS) and you have no write rights for the file. Request your system administrator to grant you write rights for the file.

Deleting Locked Files^

You can delete locked files with the RemoveOnReboot utility. You can install the RemoveOnReboot utility from here.

After you delete a locked file, you need to delete all the references to the file in Windows registry.

To delete a locked file:

  1. Right-click on the file and select Send To -> Remove on Next Reboot on the menu.
  2. Restart your computer.

The file will be deleted on restart.

Note: In the case of complex viruses that can replicate themselves, malware files can reappear in the same locations even after you have deleted those files and restarted your computer. Exterminate It! Antimalware can effectively eradicate such viruses from your computer.

To remove all registry references to a WinThruster_DEFAULT malware file:

  1. On the Windows Start menu, click Run.
  2. In the Open box, type regedit and click OK. The Registry Editor window opens.
  3. On the Edit menu, select Find.
  4. In the Find dialog box, type WinThruster_DEFAULT. The name of the first found registry value referencing WinThruster_DEFAULT is highlighted in the right pane of the Registry Editor window.
  5. Right-click the registry value name and select Delete on the menu.
  6. Click Yes in the Confirm Value Delete dialog box.
  7. To delete all other references to WinThruster_DEFAULT, repeat steps 4-6.
IMPORTANT: Malware files can masquerade as legitimate files by using the same file names. To avoid deleting a harmless file, ensure that the Value column for the registry value displays exactly one of the paths listed in Location of WinThruster_DEFAULT and Associated Malware.