Virus proslikefan


















It achieves this by retrieving the system information through the Windows Management Instrumentation interface and checking it against known virtualization systems. The worm hides itself from the victim by using standard registry modification techniques that are widely employed by most malicious software.

It also places a copy of itself in the startup folder. It looks into specific locations for stored FTP passwords and user names. It keeps enumerating all running processes at regular intervals and tries to terminate any process related to security software. To spread to other computers, the worm uses the autorun technique.

It waits for a removable drive to be connected to the infected computer.

Broken or oddly phrased English. The message is not addressed to a specified recipient; instead it is addressed to the 'account holder' or uses another generic title. If your computer has been infected, it may dramatically slow down.

Other signs that your computer has been infected include new desktop icons, new wallpaper, or your default homepage being redirected to another site. Don't even click on the cross to delete the pop-up alert, as this may result in getting more pop-ups. Use reputable pop-up blocker software to avoid pop-ups on your computer.

Keep your computer updated with the latest anti-virus and anti-spyware software. Also use a good firewall. NEVER open email attachments unless you can verify the sender and you trust them.

This may be because the non-PE format introduces a level of freedom when the attacker needs to modify a specific module in the script.

It can be freely spammed out via email, unlike an executable, which would get filtered out. Initial versions of this worm had just one level of encryption, and then it went on to being a multi-level obfuscated script. Text files, unlike PE binaries, do not have a fixed structure, making detection a bit more complex. Even then they are detectable.

This reduces readability to a large extent.

Figure 1: Image Showing a Single Line of Script with Around 40K Characters

From the screenshot above it is evident that the script contains just one line of forty-four thousand and odd characters. The script heavily uses some random strings for variable names, sized at characters they seem to be uniform but are not.

Now consider this:

Figure 4: Immediately-Invoked Function Expression

Here the expression and invocation happen simultaneously.

There are no common symptoms associated with this threat. Alert notifications from your security software may be the only symptoms.

Published May 24, Updated Sep 15,

Summary

Windows Defender detects and removes this threat.

What to do now

To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date security solution.


