Winexec.exe - who knows about this?

Started by InCreator, Sun 07/12/2003 13:01:42

InCreator

c:\windows\winexec.exe
Well, somehow, I managed to get something named like this into my computer. Now, I suspect that it's the reason behind making my Internet Explorer ultra slow.
All other internet-based programs, such as Kazaa and MSN Messenger, download things normally (which is 8-10 kb/sec for me), but Internet Explorer kinda' times out and speed will be no more than 0,2-0,3 kb/sec.

I tracked down this thing after a little confusion and deleted it, but all I found out about this was EvilBot written into the exe file info.

What is that thing?
Anyone seen this thing?
Is it the evil thing behind breaking my IE?
How to get *really* rid of this thing? (IE is STILL slow)
What else does this thing do?

Thanks in advance. Any help would be appreciated.

TheYak

It looks like you've done some research with it.  If you've already removed it from the system and any references to it in the registry and run a virus-scan.  Theories as to why your IE might be running slow: Are you running Kazaa? The trojan modifies several of the kazaa parameters.  You could double-check your Kazaa settings and make sure you're not set up as a massively-sharing supernode.  It also disables the virus filtering.  If you don't have Kazaa running and/or IE is still slow then you might try restoring default settings in the options menu or (preferably) restoring your OS drive from a backup (either a backup or an XP restore point).  Other than that, all I know is that the trojan uses certain ports for transmission so you might try using the connection wizard to set your connection up again.  This may or may not help.  I'll search the net and if I find anything applicable, I'll add it.

InCreator

Gee, thanks a lot. Well, I'm running Win98se and Kazaa is NOT loaded on startup. It's Kazaa-lite, which has sharing disabled. Could you explain how to perform a check on it? I don't get these node things very well.
I changed my IE three times (6, then 4 and now 5.1)
but BEFORE I deleted that winexec thingy.
I got suspicious when, every time I rebooted, after a few minutes Windows reported that it can't run some winexec thing and suggested to close this (this illegal exception error). The name of the program made me think that it's just some crap from Microsoft which doesn't want to run... But looking at this exe's properties and noticing the text "evilbot" there gave me chills...
I have a fairly antique computer, so I'm used to such errors (right now, there's none). I'd do my research on the internet by myself, if I had any speed. At least, agsforums DO load and let me post... So - my previous idea to download Netscape Navigator and try inter-netting with that is impossible too...
 

jannar85

Veteran, writer... with loads of unreleased games. Work in progress.

TheYak

So you're still getting errors dealing with that?  If not, ignore next paragraph:

1) Make sure it's not in the Startup folder.  2) Check your system startup files by checking Accessories/System Tools/System Information, go to startup programs and uncheck any reference to it.  3) Run Regedit.exe and run a search for winexec.  There are some legitimate programs named Winexec but 99% of the time there will be no reference to this in a Windows registry that's supposed to be there.

As far as Kazaa-lite goes, it still uses the same registry values.  It has sharing disabled by default but you can edit the options to make sure it's still disabled.  The trojan also sets it to auto-connect.  Whether or not you can check this in the options, run Regedit and search for Kazaa.  This should turn up the applicable entries, such as disablesharing=0 (Should be 1 to disable).  

I don't know if I've thrown a bunch of crap at you that you already know but it's difficult to bug-hunt remotely.  ;)
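The registry checks described in the post above can also be run against an exported copy of the registry instead of searching by hand. This is an added example, not part of TheYak's post: it parses a REGEDIT4-style export, flags autostart (Run/RunServices) values that mention winexec, and flags any `disablesharing` value set to 0. The sample export is constructed, and the `ExampleP2P` key path is a placeholder because the thread does not give Kazaa's key path.

```python
import re

# Constructed sample of a REGEDIT4 export (Regedit > Export Registry File).
# The ExampleP2P key is a placeholder; only the value name "disablesharing"
# comes from the thread.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"WinExec"="c:\\windows\\winexec.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"

[HKEY_CURRENT_USER\Software\ExampleP2P\LocalContent]
"disablesharing"=dword:00000000
'''

# Keys whose values Windows launches at boot or logon.
AUTOSTART = re.compile(r'\\CurrentVersion\\Run(Once|Services|ServicesOnce)?$', re.I)
# A value line: "name"=data, or @=data for the key's default value.
VALUE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=(.*)$')

def parse_export(text):
    """Yield (key, value_name, raw_data) for every value in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key and (m := VALUE.match(line)):
            yield key, m.group(1) or '(Default)', m.group(2)

def audit(text, needle='winexec'):
    """Return findings for autostart references to needle and enabled sharing."""
    findings = []
    for key, name, data in parse_export(text):
        if AUTOSTART.search(key) and needle in (name + data).lower():
            findings.append(('autostart', key, name, data))
        elif name.lower() == 'disablesharing' and re.fullmatch(r'dword:0+|"0"', data):
            findings.append(('sharing-enabled', key, name, data))
    return findings

if __name__ == '__main__':
    for finding in audit(SAMPLE_EXPORT):
        print(*finding, sep=' | ')
```

A hit in an autostart key only shows where the reference lives; it still has to be judged by hand, since the post notes that some legitimate programs are named Winexec.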

InCreator

Thousands of thanks. I got rid of it.

But for me, I feel like I'm raped...

TheYak

Just put a pillow on your chair for a couple days.. it'll heal over time.  ;)
