WSCRNTFY.EXE - Dangerous

What you should do about WSCRNTFY.EXE:

Check Your PC Now
Your PC may be infected. The presence of a file called WSCRNTFY.EXE is a possible sign of infection.


You should urgently check your PC to make sure it is not infected. The free version of Prevx CSI will scan your PC in less than two minutes and check for millions of spyware and malware infections including WSCRNTFY.EXE. Don't take the risk, check your PC now by clicking the green button.

Download Prevx CSI Now

Who Uses Prevx CSI?

Prevx has been detecting the threats that others miss since 2004.

More than 2,077,867 people have scanned with Prevx CSI and between them have checked 30.4 billion files. 68% of the PCs scanned had malware present.

What we know about WSCRNTFY.EXE:

The filename WSCRNTFY.EXE was first seen on Dec 30 2007 in SPAIN. It has also been seen in the following geographical regions of the Prevx community:

  • MEXICO on Apr 17 2008
  • PORTUGAL on Jan 4 2008
  • The EUROPEAN UNION on Jan 4 2008
The filename WSCRNTFY.EXE refers to many versions of an executable program. They share a common file size of 315,392 bytes.

The unsafe files using this name are associated with the malware group VB.BZU.

 These files have no vendor, product or version information specified in the file header.

WSCRNTFY.EXE has been seen to perform the following behavior(s):

  • Executes a Process
  • This Process Creates Other Processes On Disk
  • Can communicate with other computer systems using HTTP protocols
  • Sends mail without the user knowing
  • Looks at the contents of the autoexec.bat file
  • Reads email address and phone book details
  • Includes file creation code which could be used to test for interception by security products
  • Uses DNS to retrieve the IP address for web sites
  • Uses reverse DNS to retrieve the host names on IP addresses
  • Deletes an ActiveX component
  • This Process Deletes Other Processes From Disk
  • Adds a Registry Key (RUN) to auto start Programs on system start up
  • Disables the built in Windows File Protection System
  • Can examine and Send Email using POP3 protocols
  • Sends email using SMTP protocols
  • Makes outbound connections to other computers using NETBIOSOUT protocols
  • Registers a Dynamic Link Library File

WSCRNTFY.EXE has been the subject of the following behavior(s):

  • Added as a Registry auto start to load Program on Boot up
  • Executed as a Process
  • Created as a process on disk
  • Has code inserted into its Virtual Memory space by other programs

WSCRNTFY.EXE can also use the following file names:

  • FLASH_WIZARD.EXE
  • SETUP_.EX_
  • 58937875.EXE
  • 68898151.EX_
  • 61675886.EXE
  • 84502151.EXE
  • 40386511.EXE
  • 44207953.EXE
  • 85511954.EXE
  • 48112173.EXE
  • 92302933.EXE
  • 69846797.EXE
  • 07947854.EXE
  • 85536588.EXE
  • CSI14.TMP
  • INSTALAR.EXE
  • 26116544.EXE
  • 85446469.EXE
  • 13809897.EXE
  • OFFICES.EXE
  • 07317306.EXE
  • 87659406.EXE
  • 75975776.TXT
  • 17931252.EXE
  • 41908205.EXE
  • 83494581.EXE

Virus, Spyware & Malware Center