VBS/Psyme
VBS/Psyme is a malicious computer Trojan that can spread via infected video codec downloads. Once VBS/Psyme is active it will create a start-up registry entry to ensure that it is executed when the PC is restarted. VBS/Psyme may also modify certain registry keys in order to block certain Windows services from running. VBS/Psyme should be removed with an effective security tool as soon as it has been detected.
File System Modifications
- The following files were created in the system:
# File Name 1 %AppData%\%ComputerName%.exe 2 %CommonDesktopDir%\Funshion Movie on Demand.lnk 3 %CommonPrograms%\Funshion\Download more decoders.lnk 4 %CommonPrograms%\Funshion\FAQ.lnk 5 %CommonPrograms%\Funshion\Funshion Movie on Demand.lnk 6 %CommonPrograms%\Funshion\Uninstall Funshion Movie on Demand.lnk 7 %CommonPrograms%\Funshion\Update History.lnk 8 %CommonPrograms%\Funshion\What's Funshion.lnk 9 %CommonPrograms%\Startup\qq.vbs 10 %Temp%\[filename of the sample #1]
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}%ProgramFiles%\Kingsoft\PowerWord PE\plugin\WikiQuery%ProgramFiles%\Kingsoft\PowerWord PE\plugin\localquery\dictdata%ProgramFiles%\Kingsoft\PowerWord PE\plugin\netindex%ProgramFiles%\Kingsoft\PowerWord PE\plugin\netquery%ProgramFiles%\Kingsoft\PowerWord PE\plugin\situationsentence%ProgramFiles%\Kingsoft\PowerWord PE\plugin\spellsuggest%ProgramFiles%\Kingsoft\PowerWord PE\skin%ProgramFiles%\Kingsoft\PowerWord PE\styles%ProgramFiles%\Kingsoft\PowerWord PE\templete%ProgramFiles%\Kingsoft\PowerWord PE\templete\images
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.