LWSYS32.EXE - Dangerous

What you should do about LWSYS32.EXE:

Check Your PC Now
Your PC is infected. The file called LWSYS32.EXE is considered unsafe and there may be other infections on your PC.


You should urgently check your PC and remove any malicious software including LWSYS32.EXE as soon as possible. The free version of Prevx CSI will scan your PC for millions of spyware and malware infections in less than 2 minutes. Don't take the risk, check your PC now by clicking the green button.

Download Prevx CSI Now

Who Uses Prevx CSI?

Prevx has been detecting the threats that others miss since 2004.

More than 2,050,656 people have scanned with Prevx CSI and between them have checked 29.1 billion files. 65% of the PCs scanned had malware present.

What we know about LWSYS32.EXE:

The filename LWSYS32.EXE was first seen on Mar 1 2008 in SWEDEN. It has also been seen in the following geographical regions of the Prevx community:

  • SPAIN on Mar 7 2008
  • The UNITED KINGDOM on Mar 28 2008
  • ITALY on Apr 20 2008
  • The EUROPEAN UNION on Mar 1 2008
The filename LWSYS32.EXE refers to many versions of an executable program. They share a common file size of 8,704 bytes.

The filename is associated with the malware group SHeur.AXUK.Some files using the name LWSYS32.EXE are also associated with the malware group:
  • Trojan.DoS.Win32.Opdos
 These files have no vendor, product or version information specified in the file header.

LWSYS32.EXE has been seen to perform the following behavior(s):

  • The Process is packed and/or encrypted using a software packing process
  • Modifies System Runtime Policies to limit system usability
  • This Process Deletes Other Processes From Disk
  • This Process Creates Other Processes On Disk
  • Looks at the contents of the autoexec.bat file
  • Reads email address and phone book details
  • Registers a Dynamic Link Library File

LWSYS32.EXE has been the subject of the following behavior(s):

  • Created as a process on disk
  • Executed as a Process
  • Has code inserted into its Virtual Memory space by other programs
  • Terminated as a Process
  • Executed from Temporary Folders
  • Downloaded from covert web sites without the user knowing
  • Copied to multiple locations on the system

LWSYS32.EXE can also use the following file names:

  • 48461338.EXE
  • 45829556.SVD
  • DPTRMWNTRM-300.PMS.EXE
  • BF2BB07820077390B36537380BCD032C.EXE
  • XP_0118.EXE
  • 08915027.DAT
  • XP_0102.EXE
  • XP_0233.EXE
  • 46319623.EXE
  • 74190669.DAT
  • 98564494.DAT
  • 36965802.DAT
  • 91951731.EXE
  • XP_0064.EXE