
W32.Harakit

Posted: November 13, 2008

W32.Harakit is a malicious worm that spreads through network shares and online chat functions, typically instant messengers. It creates a copy of itself on each removable drive it discovers. The worm deletes particular registry entries in order to lower your computer's security settings and remain concealed. The danger with W32.Harakit lies in your computer becoming vulnerable and exposed to hackers who can steal your sensitive personal and financial information. This could cause you major problems such as identity theft and financial loss.

If you suspect that your computer is infected with W32.Harakit, use reliable anti-spyware software to remove the infection.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %System%\cftm.exe
    2 %System%\cftmen.exe
    3 %SystemDrive%\khq
    4 %SystemDrive%\khr

Registry Modifications

  • The following Registry values were newly created:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\"cftm" = "C:\WINDOWS\system32\cftm.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"cftm" = "C:\WINDOWS\system32\cftm.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"cftm" = "C:\WINDOWS\system32\cftm.exe"
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\"csrcs" = "C:\WINDOWS\system32\csrcs.exe"
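
To check a host for the file and registry indicators listed above, the following PowerShell script can be used. It is an added example, not part of the original write-up. The function name, the output shape, and the extra pass over `SysWOW64` and `WOW6432Node` (where 64-bit Windows redirects 32-bit programs) are assumptions; the file names, key paths and value names come from the lists on this page.

```powershell
# Added example. File names, key paths and value names are copied from the lists
# on this page; everything else (names, output shape, 32-bit views) is assumed.
$dirs = @([Environment]::SystemDirectory,              # expands %System%
          (Join-Path $env:SystemRoot 'SysWOW64'))      # assumption: WOW64 file redirection
$files = @()
foreach ($d in $dirs) { foreach ($n in 'cftm.exe', 'cftmen.exe') { $files += Join-Path $d $n } }
foreach ($n in 'khq', 'khr') { $files += Join-Path $env:SystemDrive $n }

$runValues = @(
    @{ Sub = 'RunServices';           Name = 'cftm'  },
    @{ Sub = 'Run';                   Name = 'cftm'  },
    @{ Sub = 'policies\Explorer\Run'; Name = 'cftm'  },
    @{ Sub = 'policies\Explorer\Run'; Name = 'csrcs' }
)
# Second root is an assumption: the 32-bit registry view on 64-bit Windows.
$roots = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node'

function Find-HarakitIndicator {
    foreach ($f in $files) {
        # Test-Path also reports files that carry the Hidden or System attribute.
        if (Test-Path -LiteralPath $f) {
            [pscustomobject]@{ Type = 'File'; Location = $f; Data = $null }
        }
    }
    foreach ($root in $roots) {
        foreach ($v in $runValues) {
            $key = "$root\Microsoft\Windows\CurrentVersion\$($v.Sub)"
            # Missing keys or values are expected on a clean host, so errors are suppressed.
            $p = Get-ItemProperty -LiteralPath $key -Name $v.Name -ErrorAction SilentlyContinue
            if ($p) {
                [pscustomobject]@{
                    Type     = 'Registry'
                    Location = "$key\$($v.Name)"
                    Data     = $p.($v.Name)   # the command line the autorun entry would launch
                }
            }
        }
    }
}

$found = @(Find-HarakitIndicator)
if ($found.Count -gt 0) {
    $found | Format-List
} else {
    'None of the listed W32.Harakit indicators were found.'
}
```

A hit on a registry value alone is worth reviewing by its `Data` field, since the value names are short and an unrelated program could reuse them.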
