My Bitdefender
  • 0 Shopping Cart

CONDIVIDI
SU

Facebook Twitter Google Plus

Strumenti di rimozione virus gratuiti

PC infetto con un virus in particolare? Liberatene ora, gratuitamente! Semplicemente sfogliando qui sotto il nostro database dei virus conosciuti e cliccando su download per lanciare la processo di rimozione del virus!

Attività virus

livello minaccia

Livello di allarme: normal
Ultime notizie
Hackers attempt to blackmail cosmetic surgery firm, after stealing up to 500,000 patients’ records
The personal details of nearly half a million people, considering cosmetic surgery, may ha [...]
Leggi altro
Are You Ready to Vote for HotforSecurity?
We’re excited to share with you that HotforSecurity and Bitdefender Labs have been nomin [...]
Leggi altro
Warlords of Draenor Pre-Install Phishes for WoW players’ accounts
World of Warcraft players need to ignore the unexpected e-mails that pop up into their inb [...]
Leggi altro
The NSA knew about Heartbleed bug for two years, claims report
Has the United States’ National Security Agency (NSA) really known about the Heartbl [...]
Leggi altro
Facebook Follower Scam Prompts Victims to Inject Themselves with Dangerous Code
More than 17,000 Facebook users were tricked by a bold scam that promised them over 100,00 [...]
Leggi altro
Bitdefender Blocks .rtf Exploit
Bitdefender has added detection to all products for code exploiting the recently revealed [...]
Leggi altro
Trojan Promises Naked Videos of Facebook Friends
More than 2,000 people have been tricked into installing a Trojan after clicking on a new [...]
Leggi altro
Digging into Facebook ads: finding clues that indicate a scam pattern
The paper by Bitdefender developer Andrei Serbanoiu, titled Digging into Facebook ads: fin [...]
Leggi altro
Icepol MDN – A Server Snapshot
Bitdefender researchers have gained access on September 26, 2013 to the disk images of a s [...]
Leggi altro
On the Cryptolocker Takedown #fail
Bitdefender researchers have identified a number of domains which are still hosting Crypto [...]
Leggi altro
Strumento di rimozione in evidenza

Win32.Worm.Delf.NCZ

BASSO
BASSO
2.7 MB
05/24/07
Upon execution the worm copies itself in the windows system folder as kspool.exe and adds a key in the system registry to be run upon startup, named
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Kernel spooler
It then proceeds to spreading, which is done by
a) copying itself as
 >%DriveLetter%\MSSETUP.T~~\Uninstall Driver.exe
where %DriveLetter% is a network mapped drive, creating also a folder.htt file in the same folder, to run the malware when the folder is accessed by Explorer
and
b) by the dropped library, AVWAV32.DLL, which has file infector behaviour:
It scans the computer for document files (.doc, .xls, .ldf, .mdf) to which it prepends itself and whose extensions are changed to .exe. Upon execution of such a file, the malware infects the computer it is run on, drops the original document and opens it. [...] [...]
carica altri risultati