How to Find subst.exe Malware

What is subst.exe?

subst.exe is a legitimate file process developed by Microsoft Corporation. This process is known as Subst Utility and it belongs to Windows Operating System. You can locate the file in C:\Program Files. The virus is created by malware authors and is named after subst.exe file.

Affected Platform: Windows OS

How to check if your computer is infected with subst.exe malware?

Keep an eye for the following symptoms to check if your PC is infected with subst.exe malware:

Unstable internet connection
Browser redirects to unwanted websites
PC performance slows down
Browser is bombarded with hordes of popup ads
System screen freezes repeatedly

If you find any of the above mentioned symptoms, take the following steps to be sure about the malware infection:

1) Press CTRL+ALT+DEL keys to open Task Manager.

2) Go to the process tab and right-click on the subst.exe file and open its location.

If the file is located outside C:\Program Files, then you should take measures to get rid of the malware.

How to remove subst.exe malware from system with Comodo Cleaning Essentials?

Comodo Cleaning Essentials (CCE) incorporates antivirus software with unique features like auto-sandboxing to identify and obstruct every suspicious process running on an endpoint with a single click. To remove subst.exe malware using CCE, follow the steps mentioned below:

Step 1: Download the CCE suite.

Step 2: To start the application, double-click on the CCE.exe file.

Step 3: It then probes the antivirus to initiate a full system scan to identify and remove any existing malicious files.

Step 4: If threats are found during the scanning, you will be prompted with an alert screen.

Step 5: Comodo Cleaning Essentials will remove subst.exe malware from your computer including all other malwares!

Malware Entries

Safe Entries

First Seen: 27 November 2011 at 12:07 am

No.	Company	File Type	SHA1	MD5	Malware Name	Digitally Signed	File Version	Product Version	Submitted From	Malware Behavior
1	Microsoft Corporation	Executable	b603203b7f6a8821 01928ae29612ef90 edcdb6e3	842c52408935fb56 6aabfb28f9eddffc	Virus.Win32. Sality.gen	No	5.1.2600.0 (xpclient. 010817-114 8)	5.1.2600.0	Romania	N/A
2	Microsoft Corporation	Executable	9ca7354f6d4ed15f e58b78a42a64c41b ee7b8393	2aaabc739e0e5212 79708ba90fb1a80c	Virus.Win32. Sality.gen	No	5.1.2600.0 (xpclient. 010817-114 8)	5.1.2600.0	Brazil	N/A
3	Microsoft Corporation	Executable	78ed94bb8715a257 568fc5935167381e 217cb206	2b5a815b4c323075 7c5e6d19d2afcdfa	Virus.Win32. Virut.CE	No	6.1.7600.1 6385 (win7_rtm. 090713-125 5)	6.1.7600.1 6385	Australia	N/A
4	Microsoft Corporation	Executable	cc08bc45cac6b070 c13f336a8ba82a2d 5f5cade3	a79c9bc80b6c7b32 0b6da93794d54bb6	Virus.Win32. Virut.CE	No	5.1.2600.0 (xpclient. 010817-114 8)	5.1.2600.0	102.41.88.6/32	N/A
5	Microsoft Corporation	Executable	6ffa275d55444a72 3d686e0f6f8b6153 ad8f538b	12bd58d8bf4af4da 8e2ae42ebb5c99ab	Virus.Win32. Expiro.niw	No	6.1.7600.1 6385 (win7_rtm. 090713-125 5)	6.1.7600.1 6385	177.103.127.209/32	N/A
6	N/A	Executable	e7293d64a885fbb3 07371fb3e9e8da3f 68d13970	49645dbea05d3001 c5ed08817940a938	Virus.Win32. Virut.CE	No	N/A	N/A	197.156.80.220/32	N/A
7	Microsoft Corporation	Executable	609b49ab85373c31 e83a6853e142018e cc9772f6	18c5f6f0abe132d2 dd59b61dc29b0160	Virus.Win32. Virut.CE	No	6.1.7600.1 6385 (win7_rtm. 090713-125 5)	6.1.7600.1 6385	Morocco	N/A
8	Microsoft Corporation	Executable	d96f1a561cdd0252 fbd99ed1706632c9 feccfe75	49d3c97e8e85be5c de9401adcc433a17	Virus.Win32. Sality.gen	No	5.1.2600.0 (xpclient. 010817-114 8)	5.1.2600.0	Ukraine	N/A
9	Microsoft Corporation	Executable	de1d6161962919c9 6589fe3bad837a8a 7898c2c4	f6278ba9d59bcd12 251a10efe3551ccb	Virus.Win32. Virut.CE	No	6.1.7600.1 6385 (win7_rtm. 090713-125 5)	6.1.7600.1 6385	Nigeria	N/A
10	Microsoft Corporation	Executable	043622db40b978a9 fcd52880e0950285 937df55b	442b5153ecd63f40 dce2932d4e591b67	Virus.Win32. Parite.gen	No	5.1.2600.0 (xpclient. 010817-114 8)	5.1.2600.0	Bulgaria	N/A
11	Microsoft Corporation	Executable	52ba5ad519076240 ce62d679fc1e8387 a70dbe7e	ed969ad667f4b5ba 88f16e64857f2070	Virus.Win32. Virut.CE	No	5.1.2600.0 (xpclient. 010817-114 8)	5.1.2600.0	Europe	N/A
12	Microsoft Corporation	Executable	969363ed49dd4813 c916a1ec9ca3dd83 f03b0d8b	67bce303d1c416dd 6d3fe0aa30021d91	Virus.Win32. Virut.CE	No	5.1.2600.0 (xpclient. 010817-114 8)	5.1.2600.0	Morocco	N/A
13	Microsoft Corporation	Executable	60837083423b2105 e6003e693d8c2c74 fad2fb17	5e8b7b4eb741170b 4c604101d626d3e5	Virus.Win32. Virut.CE	No	6.1.7600.1 6385 (win7_rtm. 090713-125 5)	6.1.7600.1 6385	Lao People's Democratic Republic	N/A
14	Microsoft Corporation	Executable	d7d7a231419224a3 179526ca1d071b79 5bed7f50	3b283d65bfcff017 e6ddd26e330409c1	Virus.Win32. Virut.CE	No	6.1.7600.1 6385 (win7_rtm. 090713-125 5)	6.1.7600.1 6385	102.41.94.50/32	N/A
15	Microsoft Corporation	Executable	0e5f6600c8f25282 a318514fdcfa24e4 81152d10	bec4da9324c52456 56fc268e931ca748	Virus.Win32. Parite.gen	No	5.1.2600.0 (xpclient. 010817-114 8)	5.1.2600.0	Turkey	N/A
16	Microsoft Corporation	Executable	1b789bde6fb8e2dd 12d6dee83b207231 ad80fd46	3607bb46e73a6e34 1f8c04a158d22471	Virus.Win32. Virut.CE	No	6.1.7600.1 6385 (win7_rtm. 090713-125 5)	6.1.7600.1 6385	Europe	N/A
17	Microsoft Corporation	Executable	5c5c60b6c5f61940 e861cf8d013f3ecc c483b326	8422501c66b04a69 07957d8e6615aac9	Virus.Win32. Virut.CE	No	6.1.7600.1 6385 (win7_rtm. 090713-125 5)	6.1.7600.1 6385	Vietnam	N/A
18	Microsoft Corporation	Executable	112900beceef3a39 048b04ab9ce30f7e fdbac852	6e47848d1029c6df b77d13c4a3585321	Virus.Win32. Virut.CE	No	6.1.7600.1 6385 (win7_rtm. 090713-125 5)	6.1.7600.1 6385	Indonesia	N/A
19	Microsoft Corporation	Executable	1b04223984c93c51 05d4075b9845bd45 f9ef1324	ed75efb7a6151337 4e1b0651b31642c5	Virus.Win32. Parite.gen	No	5.1.2600.0 (xpclient. 010817-114 8)	5.1.2600.0	Internal Submission	N/A
20	Microsoft Corporation	Executable	6f563b9cd3973ca0 73b94bf696dd831d ef3620a9	e606532a434a8555 1182b94a58a48813	Virus.Win32. Virut.CE	No	6.1.7600.1 6385 (win7_rtm. 090713-125 5)	6.1.7600.1 6385	Egypt	N/A
21	N/A	Executable	7a4b6b856cf0c160 3fad923711bce85c e9f295cc	d438df33cd987fff 2592131340677c7d	Virus.Win32. Virut.CE	No	N/A	N/A	Egypt	N/A
22	N/A	Executable	9fdfe24ff63b5c6c 60a0b1a8ad055210 e1218d3a	d2582edde4417de9 d3461c089b08707f	Virus.Win32. Sality.gen	No	N/A	N/A	Ukraine	N/A
23	Microsoft Corporation	Executable	8451b3c74bd9d1e3 7853c028d8bd27fd dd1ba56e	b11431519f95dadc 106216372a4f4180	Virus.Win32. Virut.CE	No	5.1.2600.0 (xpclient. 010817-114 8)	5.1.2600.0	Turkey	N/A
24	Microsoft Corporation	Executable	23bfd8181d48d05e 0af3e79c5a1d3eae 6222e57d	c21e00da0a1a8c25 79bd97d2862cb6e8	Virus.Win32. Virut.CE	No	5.1.2600.0 (xpclient. 010817-114 8)	5.1.2600.0	United States	N/A
25	Microsoft Corporation	Executable	fa999c400a16c636 891139cb1b3dc82e 109216f9	d25e2961d34cae2f df7bc0087809a0fb	Virus.Win32. Sality.gen	No	5.1.2600.0 (xpclient. 010817-114 8)	5.1.2600.0	Philippines	N/A
26	Microsoft Corporation	Executable	3b792e7ab384ba44 e9646c48f6b72346 d73a4176	9d86ce8a76425823 7092ebe1f8f44d51	Virus.Win32. Virut.CE	No	6.1.7600.1 6385 (win7_rtm. 090713-125 5)	6.1.7600.1 6385	Indonesia	N/A

Prev 1 2 3...7 Next

Display 4 items per page

4 items per page
8 items per page
16 items per page
32 items per page

Safe Entries

First Seen: 25 June 2008 at 5:21 pm

No.	Company	File Type	SHA1	MD5	Digitally Signed	File Version	Product Version	Submitted From
1	N/A	Non-executable	873caf93ce3ba6e4 459d0a0d50e60c45 4637e9a7	6a02ba6a994a91ab ff2b2f1673460d4d	No	N/A	N/A	United States
2	Microsoft Corporation	Executable	e729a8fe1b1421b4 2660c7b6c905799d 8cdc9af2	16f1c459c21c0a76 d13d2e6dab81c344	No	5.1.2600.0 (xpclient. 010817-114 8)	5.1.2600.0	Internal Submission
3	ReactOS Development Team	Executable	d5f63e1766082566 f3b67541f543f7a7 92af33f4	d7ae53e74ef0788f 5bf696cee0b82cf3	No	0.4.8	0.4.8	10.108.51.194/32
4	N/A	Executable	836674bc9d18f6c2 75f209b31a4d436c f870ed4a	0a2405b1fc1ab4a1 92ea7b60b76812e3	No	N/A	N/A	10.224.1.117/32
5	N/A	Executable	98c8f91ba2c807b0 82464465cba46788 873c07df	9badab2140682ea9 22a1621b46a04337	No	N/A	N/A	Internal Submission
6	Microsoft Corporation	Executable	8d6580b6685db6ae 0d9ca0acf3a62a8f 61597f7f	e4f352be823590b5 8d6d494ccb14402b	No	6.3.9600.1 6384 (winblue_r tm.130821- 1623)	6.3.9600.1 6384	United States
7	Microsoft Corporation	Executable	8d6580b6685db6ae 0d9ca0acf3a62a8f 61597f7f	e4f352be823590b5 8d6d494ccb14402b	No	6.3.9600.1 6384 (winblue_r tm.130821- 1623)	6.3.9600.1 6384	10.108.51.116/32
8	Microsoft Corporation	Executable	e35b019ad553d1ad da91ff940048b860 50ebee5f	3cf130618ca08f53 846c410f705bb4c7	No	10.0.19041 .3570 (WinBuild. 160101.080 0)	10.0.19041 .3570	United States
9	Microsoft Corporation	Executable	c11302c592400f6a f7f409a46efd4443 b43a2bb3	77847ef3cec784b1 3705e5ef338bb165	No	5.1.2600.0 (xpclient. 010817-114 8)	5.1.2600.0	10.224.1.63/32
10	Microsoft Corporation	Executable	a0edef10a41c1ce9 342b67983f66cb1b d655570f	2bc0392ed9b86dcb 6c386cc8f34a1f38	Yes	5.1.2600.0 (xpclient. 010817-114 8)	5.1.2600.0	Internal Submission
11	N/A	Executable	77b8b10fb354b146 2f61640a50b2dfc9 395bea3c	01800c5c7eaa6275 1db3b91c3b7647b4	No	N/A	N/A	Internal Submission
12	N/A	Executable	ab6e43bf8e2a0b9e a6c0009b1d2e43f8 a5175fda	8acb90066562e58e 4c1e63ecec499486	No	N/A	N/A	Internal Submission

Prev 1 2 3 Next

Display 4 items per page

4 items per page
8 items per page
16 items per page
32 items per page

Malware Search Engine

How to Remove “subst.exe”

What is subst.exe?

How to check if your computer is infected with subst.exe malware?