Category Archives: Worm

Remove VBS.Dunihi!gen2

VBS.Dunihi!gen2 is detection for a computer worm that normally spreads on removable devices and shared network resources. It can steal sensitive data from compromised PC.

Remove MSIL.Petapani

MSIL.Petapani is detection for a computer worm that normally spreads on removable devices and shared network resources. It can steal sensitive data from compromised PC.

Worm:Win32/Conficker.B

Worm:Win32/Conficker.B is a type of worm in which users must not allow staying even one more minute in their PC. This worm came from the dreaded Conficker family. It has considered as one of most malicious and very harmful type of infection. Worm:Win32/Conficker.B used to locate the weak point of a target computer and exploits […]

Worm:Win32/Dorpiex.A

Worm:Win32/Dorpiex.A is a computer worm that is being spread via social networking sites Facebook. This worm sends messages that have a link pointing to the location of a malware. Clicking the links may open web browser and executes the code on the harmful web site. It is observed that Worm:Win32/Dorpiex.A is associated with a threat […]

VirTool:INF/Autorun.gen!F

VirTool:INF/Autorun.gen!F is a broad detection for a maliciously created autorun.inf file linked to a malware. It often comes with an executable file that it calls whenever the user accesses the infected drive. Not all autorun.inf file are malicious, programs and disc uses the file to automate the running of legitimate software use it. This function […]

Win32/Xorer Virus

Win32/Xorer is a detection for exact variant of virus or worm that came from Xorer family. These file infector worms spread in a specific period. Win32/Xorer drops copies of the harmful code into removable drives. The worm is designed to run every time that the infected drive is accessed.

VBS:Malware-Gen

VBS:Malware-Gen is a computer worm that will spread on local and network shared drives. This worm is typically made as a Visual Basic Script file that will function based on the configuration of the code. There are certain reasons why authors created a worm such as VBS:Malware-Gen. On recent observation and constant monitoring of this […]

W32.Imsolk.B@mm

W32.Imsolk.B@mm is a worm discovered to utilized victims computer to mass-mail itself and spread quickly from this technique. Normally, the worm sends the copy of the code via spam email messages with subjects ‘Here you have’ or ‘Just for you’. Contents of the message varies from documents to photos that sender asked you to open. […]

W32/Autorun.worm!ju

W32/Autorun.worm!ju may also perform the following payloads: It will modify Windows Registry and add the following entries: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] “Explorador” = “%WINDIR%\Hyden.dll.exe” [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\] “matriz” = “explorer.exe Twain32.dll.exe” [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\KnownDLLs\] “Hyden” = “Hyden.dll.exe” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs\] “Hyden” = “Hyden.dll.exe”[%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)] The threat will drop the following malicious files: %WINDIR%\system32\Explores.exe %WINDIR%\system32\Hyden.dll.exe %WINDIR%\system32\Twain32.dll.exe […]

W32.Spybot.AVEO

W32.Spybot.AVEO also performs the following payloads: It will modify Windows Registry and add the following entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”Windows Firewall Updater” = “windowsupdate.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\”Windows Firewall Updater” = “windowsupdate.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\”EnableRemoteConnect” = “N” HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT1.0\Server\”Enabled” = “0” HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\”AutoShareWks” = “0” HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\”AutoShareServer” = “0” HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\”windowsupdate.exe” = “C:\WINDOWS\system32\windowsupdate.exe:*:Enabled:Windows Firewall Updater” HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\”AllowUnqualifiedQuery” = “0” HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\”PrioritizeRecordData” = “1” HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\”TCP1320Opts” = “3” HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\”KeepAliveTime” = “23280” […]