Subscribe
The worm copies files from its working folders:
%WorkDir%\host.exe %WorkDir%\autorun.inf
to the Windows root directory:
%WinDir%\svchost.exe %WinDir%\autorun.inf
It then launches the following file for execution:
%WinDir%\svchost.exeand ceases running.
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- Use Task Manager to terminate the backdoor process.
- Delete the original worm file (the location will depend on how the program originally penetrated the victim machine).
- Delete the following files:
%WinDir%\xcopy.exe %WinDir%\svchost.exe %WinDir%\autorun.inf
- Update your antivirus databases and perform a full scan of the computer (download a trial version of Kaspersky Anti-Virus).
This worm copies itself and other malicious programs to system folders. It is a Windows PE EXE file. It is 1 221 bytes in size. It is packed using MEW. The unpacked file is approximately 98KB in size.
InstallationWhen launched, the worm copies its executable file to the Windows root directory:
%WinDir%\xcopy.exe Payload
Hot Articles