Meu Bitdefender
  • 0 Shopping Cart


Facebook Twitter Google Plus

Ferramentas de Remoção de Vírus Gratuitas

Pc infectado com um vírus específico? Livre-se dele agora, de graça! Basta navegar pela nossa base de dados de vírus conhecidos abaixo e clicar no botão de download para iniciar o processo de remoção do vírus!

Atividade de vírus

nível de ameaça

Nível de Alerta : normal
Últimas Notícias
Thousands of WordPress Sites Compromised through MailPoet Vulnerability
Around 50,000 websites have been compromised through a vulnerability in the MailPoet WordP [...]
Leia mais
European Central Bank Web Site Breached; 20,000 Email Addresses Stolen
The European Central Bank’s (ECB) web site has been breached by cybercriminals and t [...]
Leia mais
Piracy Groups Caught Selling Fake Android Apps
Leading members of three piracy groups that target Android, Appbucket, Applanet and Snappz [...]
Leia mais
Hacker Finds Undocumented Functions in Apple’s iOS That Could Siphon Data
Jonathan “NerveGas” Zdziarski, an iOS researcher and developer, has found seve [...]
Leia mais
Funny Video Facebook Scam Drops Not so Funny Trojan, Bitdefender Warns
A new “funny” video spreading on Facebook drops a not so hilarious Trojan on users’ [...]
Leia mais
Pushdo Botnet Tops 40k
According to Bitdefender researchers who are monitoring the sinkholed Pushdo domains, the [...]
Leia mais
Pushdo Sinkholing Continues, Size of Problem now Apparent
The sinkholing of Pushdo C&C domains continues and it has become apparent that the bot [...]
Leia mais
New Pushdo Variant Surfaces
Bitdefender researchers Alexandru Maximciuc, Cristina Vatamanu, Doina Cosovan, Paul Boț a [...]
Leia mais
On Cryptolocker and the Commercial Malware Delivery Platform behind It
In an ever-connected world, malware thrives and multiplies at an incredible rate. More tha [...]
Leia mais
Reveton / IcePol Ransomware Moves to Android
It was just a matter of time until the highly prolific gang behind the Reveton / IcePol ne [...]
Leia mais
Ferramenta de remoção especial


2.7 MB
Upon execution the worm copies itself in the windows system folder as kspool.exe and adds a key in the system registry to be run upon startup, named
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Kernel spooler
It then proceeds to spreading, which is done by
a) copying itself as
 >%DriveLetter%\MSSETUP.T~~\Uninstall Driver.exe
where %DriveLetter% is a network mapped drive, creating also a folder.htt file in the same folder, to run the malware when the folder is accessed by Explorer
b) by the dropped library, AVWAV32.DLL, which has file infector behaviour:
It scans the computer for document files (.doc, .xls, .ldf, .mdf) to which it prepends itself and whose extensions are changed to .exe. Upon execution of such a file, the malware infects the computer it is run on, drops the original document and opens it. [...] [...]
carregar mais resultados