507 Kb


Loss of storage space
Presence of the key:
HK_LM\Software\Microsoft\Windows\CurrentVersion\Run named “svchost.exe“
Task Manager is disabled

Istruzioni per la rimozione:

Please let BitDefender disinfect your files.

Analizzato da

Cristian Lungu, virus researcher

Descrizione tecnica:

This is a somewhat harmless virus. It first makes a registry key in HK_LM\Software\Microsoft\Windows\CurrentVersion\Run named “svchost.exe“ witch contains the path to the calling file that enables him at startup. It also makes the following registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Poicies\System\DisableTaskMgr that tryes to disable the task manager.

After these two steps, the process scans the local hard drive and for each file found (“*.uri”, “*.txt” , “*.uri”, “*.dll”, “*.exe”, etc...) it makes a copy of itself in the current directory named as the file found. Eventually, the local storage space will become insufficient and the system will come to a halt.