Free virus removal tools

PC infected with a particular virus? Get rid of it now, for free! Simply browse our database of known viruses below and click download to launch the virus removal process!

Virus activity

Threat level

Alert level: normal
Latest news
Piracy Groups Caught Selling Fake Android Apps
Leading members of three piracy groups that target Android, Appbucket, Applanet and Snappz [...]
Hacker Finds Undocumented Functions in Apple’s iOS That Could Siphon Data
Jonathan “NerveGas” Zdziarski, an iOS researcher and developer, has found seve [...]
Funny Video Facebook Scam Drops Not so Funny Trojan, Bitdefender Warns
A new “funny” video spreading on Facebook drops a not so hilarious Trojan on users’ [...]
Google Blocks Access to Less Secure Apps
Google added a sign-in security feature to its Gmail service in an effort to help users ke [...]
Apache Server Vulnerability Allows Attackers to Execute Code Remotely Without Authentication
An Apache HTTP server buffer overflow vulnerability could allow attackers to execute code [...]
Pushdo Botnet Tops 40k
According to Bitdefender researchers who are monitoring the sinkholed Pushdo domains, the [...]
Pushdo Sinkholing Continues, Size of Problem now Apparent
The sinkholing of Pushdo C&C domains continues and it has become apparent that the bot [...]
New Pushdo Variant Surfaces
Bitdefender researchers Alexandru Maximciuc, Cristina Vatamanu, Doina Cosovan, Paul Boț a [...]
On Cryptolocker and the Commercial Malware Delivery Platform behind It
In an ever-connected world, malware thrives and multiplies at an incredible rate. More tha [...]
Reveton / IcePol Ransomware Moves to Android
It was just a matter of time until the highly prolific gang behind the Reveton / IcePol ne [...]
Featured removal tool


2.7 MB
Upon execution, the worm copies itself to the Windows system folder as kspool.exe and adds a key to the system registry so that it runs at startup, named
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Kernel spooler
It then proceeds to spread, which it does by:
a) copying itself as
%DriveLetter%\MSSETUP.T~~\Uninstall Driver.exe
where %DriveLetter% is a network-mapped drive, and also creating a folder.htt file in the same folder so that the malware runs when the folder is accessed by Explorer;
b) using the dropped library, AVWAV32.DLL, which behaves as a file infector:
it scans the computer for document files (.doc, .xls, .ldf, .mdf), prepends itself to them and changes their extensions to .exe. When such a file is executed, the malware infects the computer it is run on, drops the original document and opens it. [...]