
W32.Seswol.B

Posted: March 21, 2013

Threat Metric

Ranking: 13,320
Threat Level: 1/10
Infected PCs: 150
First Seen: March 21, 2013
Last Seen: October 13, 2023
OS(es) Affected: Windows

W32.Seswol.B is a worm that spreads through removable drives and encrypts certain files on the compromised PC. When W32.Seswol.B is executed, it creates potentially malicious files on all connected removable drives. It creates one registry entry, and a second so that it runs automatically every time Windows starts. W32.Seswol.B encrypts every file whose extension is not '.sys' on all drives, except for files located on the C: drive.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

File name: [DRIVE LETTER]:\autorun.INF
Mime Type: unknown/INF
Group: Malware file

File name: [DRIVE LETTER]:\Setup.EXE
File type: Executable File
Mime Type: unknown/EXE
Group: Malware file

File name: %System%\SVCHOST32.EXE
File type: Executable File
Mime Type: unknown/EXE
Group: Malware file

Registry Modifications

The following Registry values were created:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\"MyDate" = "[DATE]"

Additional Information

The following URLs were detected:
searcheira.com