W32.Styes is a Trojan that opens a back door on the PCs that it infects so that they can be remotely controlled. It creates the following files on infected systems:
- %AppData%\Windows Objects\wmiintegrator.exe
- %AppData%\Windows Objects\wmimic.exe
- %AppData%\Windows Objects\wmihostwin.exe
As well as creating these files, it also creates the following registry entry:
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\“KeybordDriver” = “%AppData%\Windows Objects\wmimic.exe” winstart”
Finding these files and this registry setting is an indication that you are infected with this Trojan. Before removing the infection, back up your registry following the steps here.
Then, remove the infection as follows:
- Press [Windows Key] + [R], type REGEDIT and click OK.
- Navigate to the registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
- Delete the registry value: “KeybordDriver” = “%AppData%\Windows Objects\wmimic.exe” winstart”
- Close the Registry Editor and reboot your PC.
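
The check for the files and registry value listed above can be scripted. The following PowerShell is an added example, not part of the original write-up; it only reads and reports, and it assumes it is run in the affected user's session, because both %AppData% and HKEY_CURRENT_USER are per-user locations.

```powershell
# Added example: read-only check for the W32.Styes indicators named on this page.
# Nothing is deleted or modified. Run as the user whose profile is suspected,
# since %AppData% and HKCU resolve to the current user only.

$dropDir   = Join-Path $env:APPDATA 'Windows Objects'
$fileNames = 'wmiintegrator.exe', 'wmimic.exe', 'wmihostwin.exe'
$runKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$valueName = 'KeybordDriver'   # spelled exactly as the page gives it

$findings = @()

# 1. Dropped files. -Force is used so hidden or system-flagged files are still
#    found (assumption: the page does not say whether the files are hidden).
foreach ($name in $fileNames) {
    $path = Join-Path $dropDir $name
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($item) {
        # Hashing can fail if the file is locked by a running process.
        $hash = Get-FileHash -LiteralPath $path -Algorithm SHA256 -ErrorAction SilentlyContinue
        $findings += [pscustomobject]@{
            Type   = 'File'
            Name   = $path
            Detail = if ($hash) { "SHA256=$($hash.Hash)" } else { 'present (could not hash)' }
        }
    }
}

# 2. Autostart value under the current user's Run key.
$run = Get-ItemProperty -LiteralPath $runKey -Name $valueName -ErrorAction SilentlyContinue
if ($run) {
    $findings += [pscustomobject]@{
        Type   = 'Registry'
        Name   = "$runKey\$valueName"
        Detail = $run.$valueName   # the command line that runs at logon
    }
}

# 3. Report.
if ($findings.Count -eq 0) {
    Write-Output 'No W32.Styes indicators from this page were found for the current user.'
} else {
    Write-Output "Found $($findings.Count) indicator(s):"
    $findings | Format-List Type, Name, Detail
}
```

On a shared machine, repeat the check in each user's session, as one user's clean result says nothing about the other profiles.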