Remove spyware, adware and malware » Worms

RPC Virus

Gina — Wed, 30 Jun 2010 07:37:27 +0000

RPC Virus is a worm which enters the system through its flaws. RPC Virus has many aliases, such as, Remote Procedure Call Virus, MSBlast, Blaster Virus, W32.Blaster.Worm.

The worm makes your computer work slower and also blocks your web browser. You may experience frequent computer crash which is very annoying. RPC Virus releases fake warning message which reads:

Remove the RPC Virus virus
Windows has detected RPC Virus, a known computer virus on your computer. RPC Virus has caused your computer to stop working properly.

Remove the RPC Virus virus from your computer
This problem was caused by RPC Virus, a known computer virus.
To prevent this problem from occurring again, install and run an up-to-date antivirus and antispyware program on your computer.
Click to go online to view a list of Microsoft and third-party security software.

This is a fabricated security threat which tries to force use into buying illegal programs. Do not trust this but use effective security software and delete all real security threats, like RPC Virus, from your computer upon detection.

Svich

Gina — Fri, 11 Jun 2010 10:23:21 +0000

Svich is a worm which comes to the user’s computer via Yahoo! Messenger. Once active, Svich will start to send malicious links to Yahoo! Messenger’s users or will change system’s registries and disable Task Manager. Svich is a misleading threat which can be get rid of by reputable anti-spyware program.

It also has its alias, for example: Worm.Win32.AutoRun.fnc (Kaspersky Lab), W32/YahLover.worm!a (McAfee), Mal/Generic-A (Sophos), Win-Trojan/StartPage.745029 (AhnLab).

Conficker.E

Jason J — Thu, 07 May 2009 08:28:41 +0000

(Infection Distribution, © Conficker Working Group)

Conficker.E is a computer worm which is a type of virus that spreads throughout the internet via e-mail attachments and network messages. However, it is different from most of the viruses as the worm is autonomous and has no need to be a part of some other program in order to multiply itself. This virus hides in the system, uses the computer’s resources and affects its performance. It might delete files or send emails without the user even knowing about it.

Conficker.E is the latest part of the infamous Conficker worm. Conficker.E does not only spread into new systems, but it also updates the ones that have been infected previously with the earlier versions of the virus. It spreads through MS08-067 exploit, so in order to avoid Conficker.E you should always keep your OS updated.

Conficker-E also has some additional features: it downloads W32.Waledac trojan and one of the malware programs Spyware Protect 2009. Please follow the bellow instructions in order to remove Conficker.E from your computer.

Your_dad_has_shit_fetish_too.PIF

luciana — Wed, 25 Feb 2009 14:43:04 +0000

Do not accept Your_dad_has_shit_fetish_too.PIF file sent via Skype instant messenger. The “Your dad has shit fetish too.pif” contains a computer worm. When a recipient clicks on the file to open it, worm is installed on a pc. The basic function of Your_dad_has_shit_fetish_too.PIF is to infect as much computers as possible. Once it gets on a machine, it starts sending the same file to everyone listed on victim’s Skype Contacts.

Security tools usually detect Your_dad_has_shit_fetish_too.PIF as W32/Autorun-XR, W32.SillyP2P or Trojan.Win32.Buzus.aliy.

Lady_Eats_Her_Shit–www.youtube.com

luciana — Tue, 03 Feb 2009 15:22:55 +0000

Lady_Eats_Her_Shit–www.youtube.com a.k.a. ‘Lady Eats Her Shit www.youtube.com’ is a new Skype infection. It spreads just like similar Skype worms. Lady_Eats_Her_Shit–www.youtube.com sends copies of itself to every contact on Skype Contacts list. If a receiver accepts the transmission and opens the file, his computer starts distributing malware too. Do not accept such a file.

Win32.Zafi.b

luciana — Tue, 13 Jan 2009 10:50:37 +0000

Win32.Zafi.b is a fake computer infection reported by corrupt anti-spyware and anti-virus programs. There is a real computer worm named Win32.Zafi.b but it is quite rare. If a security program warns you about the Zafi.b, you should really be concerned about intentions of the program you use.

The fake Win32.Zafi.b is supposedly detected by Perfect Defender 2009 and other corrupt applications. PerfectDefender 2009 reports Win32.Zafi.b and offers removing the fabricated infection for a certain fee ($30-$80). Don’t trust Perfect Defender and other programs that load pop-ups related to Win32.Zafi.b.

Click here to delete Perfect Defender 2009.

YOUR-MOTHER-NAKED-hahahaha.PIF

luciana — Mon, 12 Jan 2009 13:11:22 +0000

YOUR-MOTHER-NAKED-hahahaha.PIF is infamous computer worm which affects accounts of Skype instant messenger.

The file ‘YOUR-MOTHER-NAKED-hahahaha.PIF’ is actually an infection named Backdoor.Win32.VB.ata or w32.SillyIM by experts of cyber security. Once someone accepts the YOUR-MOTHER-NAKED-hahahaha.PIF and tries to open the file, all he/she gets is a copy of w32.SillyIM worm. The worm then starts sending the infected file to everyone on victim’s Contacts list.

Do not accept ‘YOUR-MOTHER-NAKED-hahahaha.PIF’ via Skype.

YOUR SISTER NAKED LOLZ.com

luciana — Fri, 09 Jan 2009 14:48:44 +0000

YOUR SISTER NAKED LOLZ.com is a clone of YOUR-MOTHER-NAKED-hahahaha.PIF Skype virus. Once Skype user opens YOUR SISTER NAKED LOLZ.com file, his account starts sending the same file to everyone on Skype Contacts.

YOUR SISTER NAKED LOLZ.com hides w32.SillyIM worm. It is also known as Backdoor.Win32.VB.ata.

YOUR SISTER NAKED LOLZ.com trojan is extremely dangerous. It should be deleted as soon as possible.

Worm.Doombot

Bryan Michael — Sat, 22 Dec 2007 18:35:18 +0000

Worm.Doombot is a known PC threat that clones itself by means of e-mail message attachments. Once Worm.Doombot infiltrates a computer, it will disable anti-virus and anti-spyware programs and it will create IRC backdoor to permit remote access of third party server domains. Also known as Mytob.NK and Foundu-A, Worm.Doombot can spread through various instant messaging applications and it will gain access to users’ e-mail contacts. It is recommended for PC users to get rid of the Worm.Doombot once computers are compromised.

Worm.Viking

Bryan Michael — Mon, 10 Dec 2007 18:55:23 +0000

Worm Viking spreads and replicates itself across networks. Worm.Viking will copy itself to various areas in your PC and prooves highly difficult to remove manually. On infection Worm Viking will include itself into Explorer.exe, Iexplore.exe and several of the main running process. To help avoid removal, Viking will endeavour to elliminate security adjective processes. To help with identifing this malicious worm you may notice sparatic changes to your PC volume. Worm Viking will continue to spread itself throughout a computer network until completely removed.

Worm Viking is also known as W32.Looked.P (Symantec), PE_LEGMIR.D-O (Trend Micro) Worm.Win32.

Worm.Navidad.A

Bryan Michael — Tue, 04 Dec 2007 19:45:59 +0000

Worm.Navidad.A is an Internet worm that usually spreads through e-mail messages. Worm.Navidad.A is also known as Watchit.intd and I-Worm_Navidad. Once it is activated on your computer, Worm.Navidad.A worm will attempt to propagate by emailing itself, as an attachment, to any email addresses that it can located on your computer. Early variants of Worm.Navidad.A after getting into users computer would not allow running any exe file. Sometimes, Worm.Navidad.A would show annoying pop-up messages.

Backdoor.Agobot.JR

Bryan Michael — Sat, 01 Dec 2007 19:35:01 +0000

Backdoor.Agobot.JR is a backdoor application. Backdoor.Agobot.JR gives unknown users access to your computer. A side effect is slower computer performance. Usually computers get infected while using IRC programs. Unknown users may send suspicious files or links and after clicking you will be infected. Because Backdoor.Agobot.JR uses IRC it is a very widely spread malware. Backdoor.Agobot.JR may also have the capability to spread over a network. It is advised to remove it immediately.

Worm.Spybot.JPB

Bryan Michael — Fri, 30 Nov 2007 20:25:15 +0000

Worm.Spybot.JPB is a type of worm that spreads via network shares. After installation, Worm.Spybot.JPB will create security holes that attackers could control your computer, install various malware applications, and access your documents. Worm.Spybot.JPB will load each time you start Windows, and can be used to launch denial of service attacks from your computer. Worm.Spybot.JPB is extremely dangerous, and poses a significant threat to the security of your PC.

Worm.Mydoom

Bryan Michael — Tue, 27 Nov 2007 21:08:06 +0000

Worm.Mydoom is worm that spreads through e-mail messages and sometimes may be bundled with other malware. After installation, Worm.Mydoom will copy itself to several locations, including peer to peer file sharing directories. At the same moment Worm.Mydoom will attempt to spread by emailing itself to all entries in your Outlook address book and IM messenger contact lists. Worm.Mydoom will also open a TCP connection on port 3127. This allows unauthorized access to the infected machine and malicious users could easily access your private information.

Blaster Worm

Bryan Michael — Tue, 06 Nov 2007 19:32:24 +0000

Blaster Worm attempts a Denial of Service on the Microsoft Windows Web server. This attempt is to prevent the user from applying a windows patch on your PC against the DCOM RPC vulnerability. The W32.Blaster.Worm will then exploit the DCOM RPC vulnerability via TCP port 135. Blaster Worm will then attempt to download the file msblast.exe to the windowscomputer32 directory then execute.