Worm Archives - VirusPup

Remove VBS.Dunihi!gen2

September 17, 2016June 11, 2014 by Robert La Nguyen

VBS.Dunihi!gen2 is detection for a computer worm that normally spreads on removable devices and shared network resources. It can steal sensitive data from compromised PC.

Remove MSIL.Petapani

June 11, 2014 by Robert La Nguyen

MSIL.Petapani is detection for a computer worm that normally spreads on removable devices and shared network resources. It can steal sensitive data from compromised PC.

Remove Worm:Win32/Conficker.B

August 31, 2016May 23, 2013 by Robert La Nguyen

Worm:Win32/Conficker.B is a type of worm in which users must not allow staying even one more minute in their PC. This worm came from the dreaded Conficker family. It has considered as one of most malicious and very harmful type of infection. Worm:Win32/Conficker.B used to locate the weak point of a target computer and exploits them. Once it is sited, installer takes command using the malware code to your computer system. After being infected by the malicious code, right away it starts risky intent.

Remove Worm:Win32/Dorpiex.A

August 31, 2016May 18, 2013 by Robert La Nguyen

Worm:Win32/Dorpiex.A is a computer worm that is being spread via social networking sites Facebook. This worm sends messages that have a link pointing to the location of a malware. Clicking the links may open web browser and executes the code on the harmful web site. It is observed that Worm:Win32/Dorpiex.A is associated with a threat Worm:Win32/Dorpiex.A.

Remove VirTool:INF/Autorun.gen!F

September 8, 2016October 22, 2012 by Robert La Nguyen

VirTool:INF/Autorun.gen!F is a broad detection for a maliciously created autorun.inf file linked to a malware. It often comes with an executable file that it calls whenever the user accesses the infected drive. Not all autorun.inf file are malicious, programs and disc uses the file to automate the running of legitimate software use it. This function is however taken advantage of malware authors. By creating a harmful autorun.inf file, user may unexpectedly initiate a virus or worm when the infected drive is used.

Remove Win32/Xorer Virus

September 1, 2016October 21, 2012 by Robert La Nguyen

Win32/Xorer is a detection for exact variant of virus or worm that came from Xorer family. These file infector worms spread in a specific period. Win32/Xorer drops copies of the harmful code into removable drives. The worm is designed to run every time that the infected drive is accessed.

Remove VBS:Malware-Gen

September 1, 2016August 17, 2012 by Robert La Nguyen

VBS:Malware-Gen is a computer worm that will spread on local and network shared drives. This worm is typically made as a Visual Basic Script file that will function based on the configuration of the code. There are certain reasons why authors created a worm such as VBS:Malware-Gen. On recent observation and constant monitoring of this worm, it was discovered that it has huge payload and it differs for various breed of this worm. It may have mild effect on the computer, but also may trigger complex trouble once executed.

Remove W32.Imsolk.B@mm

September 8, 2016September 12, 2010 by Robert La Nguyen

W32.Imsolk.B@mm is a worm discovered to utilized victims computer to mass-mail itself and spread quickly from this technique. Normally, the worm sends the copy of the code via spam email messages with subjects �Here you have� or �Just for you�. Contents of the message varies from documents to photos that sender asked you to open. On other instances, it may insert free download of movies and programs as a message. Links contained within the email may lead you to a malware web site when clicked.

W32/Autorun.worm!ju

June 10, 2014May 14, 2010 by Robert La Nguyen

W32/Autorun.worm!ju may also perform the following payloads: It will modify Windows Registry and add the following entries: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] �Explorador� = “%WINDIR%\Hyden.dll.exe” [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\] �matriz� = “explorer.exe Twain32.dll.exe” [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\KnownDLLs\] �Hyden� = “Hyden.dll.exe” [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs\] �Hyden� = “Hyden.dll.exe”[%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)] The threat will drop the following malicious files: %WINDIR%\system32\Explores.exe %WINDIR%\system32\Hyden.dll.exe %WINDIR%\system32\Twain32.dll.exe … Read more

Remove W32.Spybot.AVEO

September 19, 2016February 25, 2010 by Robert La Nguyen

W32.Spybot.AVEO also performs the following payloads: It will modify Windows Registry and add the following entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”Windows Firewall Updater” = “windowsupdate.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\”Windows Firewall Updater” = “windowsupdate.exe” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\”EnableRemoteConnect” = “N” HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT1.0\Server\”Enabled” = “0” HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\”AutoShareWks” = “0” HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\”AutoShareServer” = “0” HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\”windowsupdate.exe” = “C:\WINDOWS\system32\windowsupdate.exe:*:Enabled:Windows Firewall Updater” HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\”AllowUnqualifiedQuery” = “0” HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\”PrioritizeRecordData” = “1” HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\”TCP1320Opts” = “3” HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\”KeepAliveTime” = “23280” … Read more