Remove Worm:Win32/Conficker.B

Worm:Win32/Conficker.B is a worm that users should not allow to stay on their PC for even one more minute. It comes from the dreaded Conficker family and is considered one of the most malicious and harmful types of infection. Worm:Win32/Conficker.B locates the weak points of a target computer and exploits them. Once a weak point is found, the installer uses the malware code to take command of the computer system. After the system is infected by the malicious code, the worm starts its harmful activity right away.


Remove VirTool:INF/Autorun.gen!F

VirTool:INF/Autorun.gen!F is a broad detection for a maliciously created autorun.inf file linked to malware. The file often comes with an executable that it calls whenever the user accesses the infected drive. Not all autorun.inf files are malicious; programs and discs use the file to automate the running of legitimate software. Malware authors, however, take advantage of this function. When a harmful autorun.inf file has been created on a drive, the user may unexpectedly launch a virus or worm when the infected drive is used.


Remove VBS:Malware-Gen

VBS:Malware-Gen is a computer worm that spreads on local and network shared drives. The worm is typically written as a Visual Basic Script file that behaves according to the configuration of its code. There are certain reasons why authors create a worm such as VBS:Malware-Gen. Recent observation and constant monitoring of this worm show that it has a huge payload, and that the payload differs between the various breeds of the worm. It may have only a mild effect on the computer, but it may also trigger complex trouble once executed.


Remove W32.Imsolk.B@mm

W32.Imsolk.B@mm is a worm that was discovered using victims' computers to mass-mail itself, a technique that lets it spread quickly. Normally, the worm sends a copy of its code via spam email messages with the subject ‘Here you have’ or ‘Just for you’. The content of the message varies from documents to photos that the sender asks you to open. In other instances, the message may offer free downloads of movies and programs. Links contained in the email may lead you to a malware web site when clicked.



W32/Autorun.worm!ju may also perform the following payloads:

It will modify the Windows Registry and add the following entries:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\]
"Explorador" = "%WINDIR%\Hyden.dll.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\]
"matriz" = "explorer.exe Twain32.dll.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\KnownDLLs\]
"Hyden" = "Hyden.dll.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs\]
"Hyden" = "Hyden.dll.exe"

[%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)]

The threat will drop the following malicious files:

%WINDIR%\system32\Explores.exe
%WINDIR%\system32\Hyden.dll.exe
%WINDIR%\system32\Twain32.dll.exe
…

Remove W32.Spybot.AVEO

W32.Spybot.AVEO also performs the following payloads:

It will modify the Windows Registry and add the following entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Windows Firewall Updater" = "windowsupdate.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\"Windows Firewall Updater" = "windowsupdate.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\"EnableRemoteConnect" = "N"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT1.0\Server\"Enabled" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\"AutoShareWks" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\"AutoShareServer" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\"windowsupdate.exe" = "C:\WINDOWS\system32\windowsupdate.exe:*:Enabled:Windows Firewall Updater"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"AllowUnqualifiedQuery" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"PrioritizeRecordData" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"TCP1320Opts" = "3"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"KeepAliveTime" = "23280"
…