
P2P-Worm.Win32.Palevo.aivf

Posted: July 1, 2011

P2P-Worm.Win32.Palevo.aivf is a worm that uses a variety of means to spread duplicates of itself to new computers. P2P-Worm.Win32.Palevo.aivf may launch itself automatically and can attack even the most up-to-date versions of Windows. The exact effects of any P2P-Worm.Win32.Palevo.aivf attack may vary, but P2P-Worm.Win32.Palevo.aivf has been linked to Trojans that attack security, and P2P-Worm.Win32.Palevo.aivf's presence may indicate the possibility of a Backdoor on your PC. Due to the danger involved in a Backdoor security attack, you should take no chances and remove P2P-Worm.Win32.Palevo.aivf from your PC with the best possible anti-virus software.

The Many Routes That P2P-Worm.Win32.Palevo.aivf May Take to Infect Your PC

As a worm, P2P-Worm.Win32.Palevo.aivf will not infect native files, but P2P-Worm.Win32.Palevo.aivf may create duplicates of itself in multiple locations. Standard worm-related infection techniques include:

  • Placing copies of itself on a removable drive. P2P-Worm.Win32.Palevo.aivf can couple this with Autorun-based vulnerabilities to install itself on any computer that accesses the removable drive.
  • Placing copies of itself in locations that are shared over a network. This allows P2P-Worm.Win32.Palevo.aivf to spread to any network-linked computer using exploits similar to the one noted above.
  • Emailing copies of itself as attachments or links. P2P-Worm.Win32.Palevo.aivf email messages may not appear in your mailbox due to the use of an internal email client.
  • P2P-Worm.Win32.Palevo.aivf has also been indicated to spread through peer-to-peer file-sharing networks. This can include torrents, as well as servers that are used by various popular file-sharing applications. In this case, P2P-Worm.Win32.Palevo.aivf is likely renamed to resemble a harmless file like a popular song audio track.

The rapidly reproducing nature of a P2P-Worm.Win32.Palevo.aivf infection makes deleting P2P-Worm.Win32.Palevo.aivf manually an impractical option. In most cases, P2P-Worm.Win32.Palevo.aivf should be removed with a little help from anti-virus software.

The Danger in Any P2P-Worm.Win32.Palevo.aivf Infection

Worms like P2P-Worm.Win32.Palevo.aivf will clutter your hard drive with multiple copies of themselves and will often launch automatically via Registry exploits. P2P-Worm.Win32.Palevo.aivf is confirmed to be able to attack most versions of Windows, including Windows 7, as well as older versions of the OS like Windows XP.

Although P2P-Worm.Win32.Palevo.aivf's full capabilities haven't been documented, P2P-Worm.Win32.Palevo.aivf is noted to bear a resemblance to Backdoor Trojans that attack your security. Signs of Backdoor attacks may consist of:

  • Open network ports and other changed system settings.
  • Disabled security programs, particularly the Windows Firewall. In cases where P2P-Worm.Win32.Palevo.aivf hasn't disabled the firewall, P2P-Worm.Win32.Palevo.aivf may have created an exception for itself instead.
  • The presence of unusual files or system behavior that are caused by P2P-Worm.Win32.Palevo.aivf letting remote criminals control your PC. This is often done with the help of a RAT or Remote Administration Tool.

All of these problems and others may be caused by P2P-Worm.Win32.Palevo.aivf, which may be configured to steal passwords or cause your PC to self-destruct. The potentially urgent nature of any P2P-Worm.Win32.Palevo.aivf infection means that putting off removing P2P-Worm.Win32.Palevo.aivf till tomorrow is a risky idea, at best.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %Documents and Settings%\[UserName]\Start Menu\ About.lnk
    2 %UserProfile%\Application Data\antispy.exe

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}
    HKEY_CURRENT_USER\Software\Malware Defense
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System 'DisableTaskMgr' = '1'
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce 'SelfdelNT'
    HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus
    HKEY..\..\..\..{RegistryKeys}
    HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
    HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
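
One way to check a Registry export (.reg text) against the entries listed above. This is an added example, not part of the original write-up; the sample export and the helper names `parse_reg` and `find_indicators` are constructed for illustration.

```python
import re

# Indicators from the page's "Registry Modifications" list, as
# (key, value name or None, expected .reg data or None). The bare RunOnce key
# is left out because it exists on every Windows install.
CV = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
INDICATORS = [
    (r"HKEY_CURRENT_USER\Software\Malware Defense", None, None),
    (CV + r"\Policies\System", "DisableTaskMgr", "dword:00000001"),
    (CV + r"\RunOnce", "SelfdelNT", None),
    (r"HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus", None, None),
    (r"HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}", None, None),
    (r"HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt", None, None),
]

# Constructed sample in .reg export format (not taken from a real machine).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SelfdelNT"="C:\\Example\\placeholder.bat"

[HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus]
'''

def parse_reg(text):
    """Parse .reg export text into {key_lower: {value_name_lower: raw_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None and (m := re.match(r'"((?:[^"\\]|\\.)*)"=(.*)', line)):
            current[m.group(1).lower()] = m.group(2).strip()
    return keys

def find_indicators(text):
    """Return the page's indicators that are present in a .reg export."""
    keys, hits = parse_reg(text), []
    for key, name, data in INDICATORS:
        values = keys.get(key.lower())
        if values is None:
            continue  # key absent from the export
        found = values.get(name.lower()) if name else ""
        if found is not None and (data is None or found.lower() == data):
            hits.append(f"{key} '{name}'" if name else key)
    return hits
```

Key and value names are compared case-insensitively, matching how the Windows Registry treats them.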