Pexmor
Pexmor is an Internet worm that propagates by e-mail in messages with infected attachments. Once the user opens such an attachment, the spyware installs itself to the computer and runs a spreading routine. Pexmor uses its own mail engine to send malicious letters to numerous addresses. It also prevents some installed software from running on Windows startup. Although the worm doesn't carries any destructive payload, its activity may severely degrade overall computer performance and Internet connection speed. Pexomor secretly runs on every Windows startup or whenever the user composes an e-mail message.
File System Modifications
- The following files were created in the system:
# File Name 1 bailando.vbe 2 desktop.ini 3 folder.htm 4 lsass.exe 5 msmsgs.exe 6 officehost.vbs 7 sen.bat 8 sexo.pif 9 svchost.exe 10 winword.exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}HKEY_CURRENT_USERIdentities[VARIABLENAME]SoftwareMicrosoftOutlookExpress5.0MailComposeUseStationery=1HKEY_CURRENT_USERIdentities[VARIABLENAME]SoftwareMicrosoftOutlookExpress5.0MailStationeryName=%Windir%Tempfolder.htmHKEY_CURRENT_USERIdentities[VARIABLENAME]SoftwareMicrosoftOutlookExpress5.0MailWideStationeryName=%Windir%Tempfolder.htmHKEY_CURRENT_USERSoftwareMicrosoftOffice10.0CommonMailSettingsNewStationeryHKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunNortonAntivirus=%Windir%Tempofficehost.vbsHKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRunOfficeQuickAccess=%Windir%Tempofficehost.vbsHKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRunNortonAntivirus=%Windir%Templsass.exe
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.