KernelScreenshotWin32.exe – Looks like malware to me

Just a quick note on a file called KernelScreenshotWin32.exe that I found earlier today. The file shows behaviour typical of malware: it has no version information, no digital signature and no entry in the Add/Remove Programs dialog; it runs from an unusual folder, C:\Windows\SysWOW64\KernelScreenshotWin32\, instead of C:\Program Files; it is bundled with a file signed by Smart Secure Software; and it has no visible GUI and runs in the background.

[Image: KernelScreenshotWin32.exe file]

However, when I uploaded the file to VirusTotal, none of the 50+ anti-virus programs detected it. Maybe I’m incorrectly calling this malware? It will be interesting to see if some of the scanners start to pick up the KernelScreenshotWin32.exe file in the future.
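The indicators listed above can be checked directly from an elevated PowerShell prompt, which is useful when scanners return nothing. This is an added example, not part of the original post: the function name `Get-FileTriage` and its output fields are hypothetical, and the full path assumes the executable sits directly in the folder named above.

```powershell
# Added example: report the indicators from the post for one binary.
# Run elevated so Get-Process can read the paths of service processes.
function Get-FileTriage {
    param([Parameter(Mandatory)][string]$Path)

    $item = Get-Item -LiteralPath $Path -ErrorAction Stop
    $full = $item.FullName
    $dir  = $item.DirectoryName
    $ver  = $item.VersionInfo
    $sig  = Get-AuthenticodeSignature -LiteralPath $full
    $cmp  = [StringComparison]::OrdinalIgnoreCase

    # Is the file installed under a Program Files directory?
    $pf = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) | Where-Object { $_ }
    $underPf = [bool]($pf | Where-Object { $full.StartsWith("$_\", $cmp) })

    # Add/Remove Programs entries that reference the file's folder.
    $keys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
            'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
    $entries = @(Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object { "$($_.InstallLocation)|$($_.UninstallString)".IndexOf($dir, $cmp) -ge 0 })

    # Services and running processes backed by this binary.
    $svc  = @(Get-CimInstance Win32_Service |
        Where-Object { $_.PathName -and $_.PathName.IndexOf($full, $cmp) -ge 0 })
    $proc = @(Get-Process | Where-Object { $_.Path -eq $full })

    # Signature state of every file in the same folder (the bundled files).
    $bundled = Get-ChildItem -LiteralPath $dir -File | ForEach-Object {
        $s = Get-AuthenticodeSignature -LiteralPath $_.FullName
        '{0}: {1} ({2})' -f $_.Name, $s.Status, $s.SignerCertificate.Subject
    }

    [pscustomobject]@{
        Path              = $full
        HasVersionInfo    = [bool]($ver.CompanyName -or $ver.ProductName -or $ver.FileVersion)
        SignatureStatus   = $sig.Status              # e.g. NotSigned, Valid
        UnderProgramFiles = $underPf
        UninstallEntries  = $entries.DisplayName     # empty = not in Add/Remove Programs
        Services          = $svc.Name
        WindowlessPids    = ($proc | Where-Object { $_.MainWindowHandle -eq 0 }).Id
        FolderSignatures  = $bundled
    }
}

Get-FileTriage 'C:\Windows\SysWOW64\KernelScreenshotWin32\KernelScreenshotWin32.exe' | Format-List
```

No single field is conclusive on its own; the value is in seeing several of them line up for the same binary, as they do in the description above.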

Anyway, if you’d like to remove the KernelScreenshotWin32.exe file you can do so with FreeFixer. Just select the KernelScreenshotWin32.exe process and service:

[Images: KernelScreenshotWin32.exe process; KernelScreenshotWin32.exe service]

Did you also find KernelScreenshotWin32.exe on your machine? Any idea how it was installed? Please share by posting a comment.