W32.Spyrat Description

W32.Spyrat is an information stealing computer worm which cause major problems for the targeted victim. W32.Spyrat scans your PC for passwords, particularly for online banking, and will steal these passwords and send them to malicious hackers. W32.Spyrat will attempt to intercept and transmit your Instant Messaging sign-in information, other cached Windows passwords, and email account passwords. W32.Spyrat is extremely dangerous and should be removed immediately. Symptoms of this cyber attack include system depreciation, stange files appearing on the desktop as well as personal files being stolen, and eventually the system will crash leaving you without access to your PC.

Experts recommend using a reliable anti malware program to make your PC is free from all threats.

» Learn more about SpyHunter's Spyware Detection Tool
and steps to uninstall SpyHunter.

Manual removal of W32.Spyrat is possible but complex, and if the user is not adept at the technical side of PC engineering then experts strongle suggest using an automatic malware remover.

W32.Spyrat Automatic Detection Tool (Recommended)

Is your PC infected with W32.Spyrat? To safely & quickly detect W32.Spyrat we highly recommend you run the malware scanner listed below.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %System%\install\server.exe
    2 %System%\wbem\Performance\WmiApRpl_new.ini
    3 %Temp%\Windows 7 Validation.exe
    4 %Temp%\Windows Update.dat
    5 %Temp%\Windows Update.exe

Registry Modifications

  • The following newly produced Registry Values are:
    HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RunHKEY_CURRENT_USER\Software\NoxiousAgentHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{X22A05IH-EVVT-MRI6-7B8E-5J057P0N0G1C}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ExplorerHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
Posted: January 20, 2011 | By
Rate this article:
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading ... Loading ...
Threat Metric
Threat Level: 5/10

Leave a Reply

What is 11 + 5 ?
Please leave these two fields as-is:
IMPORTANT! To be able to proceed, you need to solve the following simple math (so we know that you are a human) :-)