W32.Holar
This worm uses Outlook to send out copies of itself as an attachment in email to all the recepients in the Outlook address book. This email contains no message and has a variable subject, which is also the filename of the attached malware copy. The email attachment uses the file extension, PIF.
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{RegistryKeys}Browsetothekey:Deletesubkeys:HKEY_LOCAL_MACHINESoftwareMicrosoftHolyWarHKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRunServicesHKEY_LOCAL_MACHINESoftwareMicrosoftWindowsHolyWarandMyLifeC:\%System%CmdServ.exe
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.