
Free Virus Removal Tools

PC infected with a particular virus? Get rid of it now, for free! Simply browse our database of known viruses below and click download to start the virus removal process!

Virus activity

Threat level

Alert level: normal
Latest news
Facebook Photo Syncing Raises Privacy Concerns
New privacy questions spark after a Facebook user claimed his phone pictures have been pub [...]
Open Redirect Vulnerability on MasterCard’s Australia Web Site
An open redirect vulnerability has been found on MasterCard’s Australia web site (ma [...]
Game On! Bitdefender 2015 Boosts Your Gaming Experience
The new Bitdefender 2015 loves gamers. It now protects your in-game life from the outside [...]
Five Severe Vulnerabilities Fixed in Siemens’ SIMATIC WinCC SCADA System
Siemens has issued an update to its SIMATIC WinCC SCADA system due to five severe vulnerab [...]
Fancy $110,000? Easy! Just be Russian and find a way of cracking Tor
It looks like Russia is looking for a way to crack down on those who try to hide their act [...]
Pushdo Pushing Six Figures
Further sinkholing by the Bitdefender research team saw the Pushdo bots calling home from [...]
Pushdo Botnet Tops 40k
According to Bitdefender researchers who are monitoring the sinkholed Pushdo domains, the [...]
Pushdo Sinkholing Continues, Size of Problem now Apparent
The sinkholing of Pushdo C&C domains continues and it has become apparent that the bot [...]
New Pushdo Variant Surfaces
Bitdefender researchers Alexandru Maximciuc, Cristina Vatamanu, Doina Cosovan, Paul Boț a [...]
On Cryptolocker and the Commercial Malware Delivery Platform behind It
In an ever-connected world, malware thrives and multiplies at an incredible rate. More tha [...]
Featured removal tool


Upon execution, the worm copies itself into the Windows system folder as kspool.exe and adds an entry named "Kernel spooler" to the system registry so that it runs at startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Kernel spooler
It then spreads in two ways:
a) by copying itself as
%DriveLetter%\MSSETUP.T~~\Uninstall Driver.exe
where %DriveLetter% is a network-mapped drive, and also creating a folder.htt file in the same folder so that the malware runs when the folder is accessed by Explorer;
b) through the dropped library, AVWAV32.DLL, which behaves as a file infector:
it scans the computer for document files (.doc, .xls, .ldf, .mdf), prepends itself to them and changes their extensions to .exe. When such a file is executed, the malware infects the computer it is run on, drops the original document and opens it. [...]
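
A triage check for the indicators described above, as an added example that is not part of the original page or of Bitdefender's tooling. The function names, the input format (an exported Run-key mapping and two file listings taken at different times) and the sample data are assumptions made for illustration.

```python
import ntpath

# Indicators named in the description above. Name matches are triage leads,
# not proof: confirm any hit with an up-to-date scanner.
RUN_VALUE = "kernel spooler"
DROPPED = {"kspool.exe", "avwav32.dll"}
SHARE_DIR, SHARE_FILES = "mssetup.t~~", {"uninstall driver.exe", "folder.htt"}
DOC_EXTS = {".doc", ".xls", ".ldf", ".mdf"}

def check_run_values(run_values):
    """run_values: {name: command} exported from HKCU\\...\\CurrentVersion\\Run."""
    return [name for name, cmd in run_values.items()
            if name.lower() == RUN_VALUE
            or ntpath.basename(cmd.strip('"')).lower() == "kspool.exe"]

def check_files(paths):
    """Flag dropped files anywhere, and share artifacts only inside MSSETUP.T~~."""
    hits = []
    for p in paths:
        parts = p.lower().replace("/", "\\").split("\\")
        if parts[-1] in DROPPED:
            hits.append(("dropped", p))
        elif len(parts) > 1 and parts[-2] == SHARE_DIR and parts[-1] in SHARE_FILES:
            hits.append(("share", p))
    return hits

def find_replaced_documents(before, after):
    """Documents from an earlier listing that now exist only under an .exe name."""
    now = {p.lower() for p in after}
    hits = []
    for p in before:
        stem, ext = ntpath.splitext(p)
        if ext.lower() in DOC_EXTS and p.lower() not in now \
                and (stem + ".exe").lower() in now:
            hits.append(stem + ".exe")
    return hits

# Constructed sample data (not taken from a real host).
SAMPLE_RUN = {"Kernel spooler": r"C:\WINDOWS\system32\kspool.exe",
              "ctfmon": r"C:\WINDOWS\system32\ctfmon.exe"}
SAMPLE_BEFORE = [r"D:\docs\budget.xls", r"D:\docs\notes.doc"]
SAMPLE_AFTER = [r"D:\docs\budget.exe", r"D:\docs\notes.doc",
                r"Z:\MSSETUP.T~~\Uninstall Driver.exe", r"Z:\MSSETUP.T~~\folder.htt",
                r"C:\WINDOWS\system32\AVWAV32.DLL", r"C:\WINDOWS\Web\folder.htt"]

if __name__ == "__main__":
    print(check_run_values(SAMPLE_RUN))
    print(check_files(SAMPLE_AFTER))
    print(find_replaced_documents(SAMPLE_BEFORE, SAMPLE_AFTER))
```

The folder.htt check is limited to the MSSETUP.T~~ folder because a file of that name elsewhere is not an indicator given in the description.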