Ferramentas de Remoção de Vírus Gratuitas
Pc infectado com um vírus específico? Livre-se dele agora, de graça! Basta navegar pela nossa base de dados de vírus conhecidos abaixo e clicar no botão de download para iniciar o processo de remoção do vírus!
Atividade de vírus
nível de ameaça
Trojan.Obad.A Gets Administrator Privileges and Manages Your Device for You
A new variant of Android malware is making its rounds in the wild, wreaking havoc among us [...]
Leia mais
Google to Clean Internet of Child Porn Images
Google is looking to eradicate images of child sexual abuse from the Web and go after the [...]
Leia mais
Chinese Digital Spies Snoop on Apple’s Latest iPhone Designs, Obama Claims
Surprising details emerged after last week’s meeting between US President Barack Obama a [...]
Leia mais
Old Bug in Flash Allows Cyber-Crooks to start Webcams, Microphone
An older flaw in the Adobe Flash plugin that should have been fixed two years ago is still [...]
Leia mais
Medical Equipment Highly Vulnerable to Intruders
Patients using medical gear such as pacemakers, heart defibrillators and insulin dispenser [...]
Leia mais
New TDL Clones in the Wild
New TDL clones are making the rounds these days, according to Bitdefender Labs antimalware [...]
Leia mais
BTC Acceptance Rising – Among Cyber-thieves
While the actual Bitcoin currency might have its ups and downs, the notion that it is real [...]
Leia mais
Police Ransomware Trojan Morphs, Spreads
The Trojan.Icepol e-threat (that we’ve covered here before) is still alive and very [...]
Leia mais
MiniDuke – The Final Cut
Bitdefender Labs analysts have taken the time to put together an in-depth look at MiniDuke [...]
Leia mais
How to Target a Collection Tool – MiniDuke
The 2012 sample of MiniDuke is now fully analyzed and the results are in, revealing a surp [...]
Leia mais
Ferramenta de remoção especial
Win32.Worm.Delf.NCZ
BAIXO
BAIXO
2.7 MB
05.23.2007
Upon execution the worm copies itself in the windows system folder as kspool.exe and adds a key in the system registry to be run upon startup, named
a) copying itself as
and
b) by the dropped library, AVWAV32.DLL, which has file infector behaviour:
It scans the computer for document files (.doc, .xls, .ldf, .mdf) to which it prepends itself and whose extensions are changed to .exe. Upon execution of such a file, the malware infects the computer it is run on, drops the original document and opens it. [...] [...]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\Kernel spoolerIt then proceeds to spreading, which is done by
a) copying itself as
>%DriveLetter%\MSSETUP.T~~\Uninstall Driver.exewhere %DriveLetter% is a network mapped drive, creating also a folder.htt file in the same folder, to run the malware when the folder is accessed by Explorer
and
b) by the dropped library, AVWAV32.DLL, which has file infector behaviour:
It scans the computer for document files (.doc, .xls, .ldf, .mdf) to which it prepends itself and whose extensions are changed to .exe. Upon execution of such a file, the malware infects the computer it is run on, drops the original document and opens it. [...] [...]
COMPARTILHE
ISSO EM