NSINET.EXE - Dangerous

What you should do about NSINET.EXE:

Check Your PC Now
Your PC is infected. The file called NSINET.EXE is considered unsafe and there may be other infections on your PC.


You should urgently check your PC and remove any malicious software including NSINET.EXE as soon as possible. The free version of Prevx CSI will scan your PC for millions of spyware and malware infections in less than 2 minutes. Don't take the risk, check your PC now by clicking the green button.

Download Prevx CSI Now

Who Uses Prevx CSI?

Prevx has been detecting the threats that others miss since 2004.

More than 2,050,633 people have scanned with Prevx CSI and between them have checked 29.1 billion files. 65% of the PCs scanned had malware present.

What we know about NSINET.EXE:

The filename NSINET.EXE was first seen on Nov 30 2007 in SPAIN. It has also been seen in the following geographical regions of the Prevx community:

  • URUGUAY on Dec 4 2007
  • The UNITED STATES on Nov 30 2007
  • The UNITED KINGDOM on May 9 2008
  • ITALY on Jan 29 2008
The filename NSINET.EXE refers to many versions of an executable program.

The most common file size is 133,080 bytes. But the following file sizes have also been seen:

  • 173,896 bytes
  • 170,416 bytes
  • 14,348 bytes
  • 135,128 bytes

The filename is associated with the malware group Potentially harmful program Dialer.GWH.Some files using the name NSINET.EXE are also associated with the malware groups:
  • Dialer.Instant.Access
  • Trojan.Nudos
  • Dialer.RRG
 These files have no vendor, product or version information specified in the file header.

NSINET.EXE has been seen to perform the following behavior(s):

  • The Process is packed and/or encrypted using a software packing process
  • The Process is polymorphic and can change its structure
  • Enables a COM Object/Server on the Local Machine
  • This Process Deletes Other Processes From Disk
  • Adds Products to the system registry
  • Adds a Registry Key (RUN) to auto start Programs on system start up
  • This Process Creates Other Processes On Disk
  • The process hooks code into all running processes which could allow it to take control of the system or record keyboard input, mouse activity and screen contents
  • Can communicate with other computer systems using HTTP protocols
  • Terminates Processes
  • Registers a Dynamic Link Library File
  • Executes a Process

NSINET.EXE has been the subject of the following behavior(s):

  • Added as a Registry auto start to load Program on Boot up
  • Executed by Internet Explorer
  • Created as a process on disk
  • Enabled as a COM Object/Server on the Local Machine
  • Executed as a Process
  • Has code inserted into its Virtual Memory space by other programs
  • Deleted as a process from disk
  • Copied to multiple locations on the system
  • Registered as a Dynamic Link Library File
  • Executed from Temporary Folders

NSINET.EXE can also use the following file names:

  • IALDR32.EXE
  • 23260699.DAT
  • SYSTEM32NSINET.EXE
  • 28888199.EXE
  • 18450497.EXE
  • 51347084.EXE
  • 29386911.SVD
  • 7A4E6793A95D79A23766E7A2E46C8B95.EXE
  • INSTANT ACCESS.EXE
  • 57756684.DAT
  • 17543836.EXE
  • CSI25.TMP