
Worm.Phorpiex.M

Posted: September 25, 2012

Threat Metric

Threat Level: 5/10
Infected PCs: 1,155
First Seen: September 25, 2012
OS(es) Affected: Windows

Worm:Win32/Phorpiex.M distributes itself through both spam e-mail messages and removable drives, and its final payload compromises the infected PC's security so that a remote attacker can gain control. Worm:Win32/Phorpiex.M may install other types of PC threats and makes specific efforts to dismantle your computer's firewall security features. Since Worm:Win32/Phorpiex.M is both a worm and a backdoor Trojan, SpywareRemove.com malware experts rate Worm:Win32/Phorpiex.M as a high-level PC threat and encourage isolating your PC (to prevent Worm:Win32/Phorpiex.M from spreading), then removing Worm:Win32/Phorpiex.M with any suitably sophisticated anti-malware product.

Why Worm:Win32/Phorpiex.M will not Look 'So Beautiful' On Your Hard Drive

Worm:Win32/Phorpiex.M's most identifiable distribution mechanism uses spam e-mail messages that are sent through already-compromised PCs in its botnet, with its probable targets including any e-mail addresses that can be harvested from these PCs. E-mails that carry Worm:Win32/Phorpiex.M disguise their ZIP-archived Worm:Win32/Phorpiex.M attachments as some form of personal photograph, with any of over a dozen tag lines used to make it look like a normal e-mail from an acquaintance. SpywareRemove.com malware researchers also warn that, even after Worm:Win32/Phorpiex.M is installed, Worm:Win32/Phorpiex.M will name some of its components to resemble Windows files, and can hide copies of itself by changing your file-viewing settings.

However, SpywareRemove.com malware researchers consider Worm:Win32/Phorpiex.M's primary attack to be its backdoor function, which lets criminals use an IRC-based C&C server to control your computer and send Worm:Win32/Phorpiex.M commands. With the appropriate instructions, Worm:Win32/Phorpiex.M may install other forms of malware, gather a limited amount of information about your PC, create firewall vulnerabilities via Registry changes or even uninstall itself.

Perhaps most importantly for malware analysts, including SpywareRemove.com's own, Worm:Win32/Phorpiex.M also attempts to avoid being analyzed in sandbox-protected virtual environments. If Worm:Win32/Phorpiex.M is launched from within a virtual environment, Worm:Win32/Phorpiex.M will terminate itself. Conveniently, casual PC users may also use sandbox utilities to protect their PCs from Worm:Win32/Phorpiex.M and comparable PC threats.

Getting All Signs of the Worm:Win32/Phorpiex.M Infestation Out of the Way

Many worms also use local networks and removable drives (USB devices, etc.) to distribute themselves, and Worm:Win32/Phorpiex.M also abuses this well-defined worm strategy. If you're using a Worm:Win32/Phorpiex.M-infected PC, SpywareRemove.com malware experts heartily endorse preventing any network or removable-drive contact with other PCs until you've removed all copies of Worm:Win32/Phorpiex.M. Worm:Win32/Phorpiex.M will change basic file-viewing settings to conceal its copies and, whenever convenient, install itself on an uninfected computer automatically.

While Worm:Win32/Phorpiex.M is a generalized PC threat with broad attack functions (rather than the specific risks associated with specialized PC threats, such as a banking Trojan), the risks posed by a Worm:Win32/Phorpiex.M infection never should be underestimated. Competent and updated anti-malware applications always should be utilized for disinfecting Worm:Win32/Phorpiex.M, which will try to avoid being detected or deleted if at all possible.
Worm:Win32/Phorpiex.M's aliases include PWS-Zbot.gen.ary, Trojan.Win32.Jorik.IRCbot.waj, BackDoor.IRC.Bot.2232, Trojan-PWS.Win32.Fareit, Troj/IRCbot-AKR and WORM_PHORPIEX.JZ.

Aliases

Trj/Agent.MIZ [Panda]
Generic31.PHK [AVG]
Trojan.Win32.Loktrom [Ikarus]
Worm/Gamarue.iommna [AntiVir]
W32/Zbot.BLB [F-Prot]
Generic.oa [McAfee]
Trojan.Agent.WD.cwd [CAT-QuickHeal]
W32/Kryptik.AKKR [Fortinet]
Trojan.MulDrop3.64034 [DrWeb]
Gen:Variant.Kazy.88386 [BitDefender]
Trojan.Win32.Jorik.IRCbot.rao [Kaspersky]
Artemis!714AA911415C [McAfee]
Trojan.Jorik.IRCbot.rao [CAT-QuickHeal]
Generic Worm [Panda]
Worm/Generic2.CFTB [AVG]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:




Additional Information

The following messages were detected:

Attachment: “-JPG.scr” contained within a ZIP file, for example, “0540435562-JPG.zip”
Subject (any of the following):
I cant believe I still have this picture
I love your picture!
Is this you??
Picture of you???
Should I upload this picture on facebook?
Someone showed me your picture
Someone told me it’s your picture
Take a look at my new picture please
Tell me what you think of this picture
This is the funniest picture ever!
What do you think of my new hair
What you think of my new hair color?
What you think of this picture?
You look so beautiful on this picture
You should take a look at this picture
Your photo isn’t really that great
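
A mail-gateway style check for the lure described above, as an added example that is not part of the original page: it flags ZIP attachments whose members pair an image-looking name with an executable extension (the "-JPG.scr" case, generalized here to other image hints and executable extensions) and compares the subject with the listed subject lines. The function names, the extension lists and the `sample_zip` input builder are assumptions made for illustration.

```python
import io
import re
import zipfile

# Subject lines from the list above, lower-cased with punctuation removed.
LURE_SUBJECTS = {
    "i cant believe i still have this picture", "i love your picture",
    "is this you", "picture of you",
    "should i upload this picture on facebook", "someone showed me your picture",
    "someone told me its your picture", "take a look at my new picture please",
    "tell me what you think of this picture", "this is the funniest picture ever",
    "what do you think of my new hair", "what you think of my new hair color",
    "what you think of this picture", "you look so beautiful on this picture",
    "you should take a look at this picture", "your photo isnt really that great",
}
# Assumed lists: executable extensions, and image hints at the end of a file stem.
EXEC_EXT = (".scr", ".exe", ".pif", ".com")
IMAGE_HINT = re.compile(r"[-_. ](jpe?g|png|gif|bmp)$", re.IGNORECASE)

def normalize_subject(subject):
    """Strip Re:/Fwd: prefixes, apostrophes and punctuation so variants compare equal."""
    s = re.sub(r"^\s*((re|fwd?):\s*)+", "", subject, flags=re.IGNORECASE)
    s = s.replace("\u2019", "").replace("'", "")
    return " ".join(re.sub(r"[^a-z0-9 ]", " ", s.lower()).split())

def disguised_members(zip_bytes):
    """Return member names such as '123-JPG.scr': image-like stem, executable extension."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            for name in zf.namelist():
                stem, dot, ext = name.rpartition(".")
                if dot and "." + ext.lower() in EXEC_EXT and IMAGE_HINT.search(stem):
                    hits.append(name)
    except zipfile.BadZipFile:
        return []  # unreadable archive: nothing to report from this check
    return hits

def score_message(subject, attachment_name, attachment_bytes):
    """List the reasons a message matches the lure: known subject, disguised member."""
    reasons = ["subject"] if normalize_subject(subject) in LURE_SUBJECTS else []
    if attachment_name.lower().endswith(".zip"):
        reasons += ["member:" + m for m in disguised_members(attachment_bytes)]
    return reasons

def sample_zip(member):  # constructed input: harmless one-file archive
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder")
    return buf.getvalue()
```

A subject match alone is weak evidence, since several of the lines are ordinary phrases; the disguised archive member is the stronger signal.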
