
W32.Pykspa.E

Posted: December 14, 2009

W32.Pykspa.E is a malicious computer worm that propagates via Skype Instant Messenger. It is also programmed to collect confidential information from infected computers and send it to hackers. W32.Pykspa.E can open a backdoor that allows other malware to enter the compromised system. W32.Pykspa.E poses a high risk to PC security and should be removed on detection.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %System%\[RANDOM FILE NAME].exe
    2 %Temp%\[RANDOM FILE NAME].exe

Registry Modifications

  • The following Registry values were created:
    HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\RunOnce\"[RANDOM FILE NAME]" = "%Temp%\[RANDOM FILE NAME].exe."
    HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\RunOnce\"[RANDOM FILE NAME]" = "[RANDOM FILE NAME].exe."
    HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run\"[RANDOM FILE NAME]" = "%Temp%\[RANDOM FILE NAME].exe"
    HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run\"[RANDOM FILE NAME]" = "[RANDOM FILE NAME].exe"
    HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\RunOnce\"[RANDOM FILE NAME]" = "%Temp%\[RANDOM FILE NAME].exe."
    HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\RunOnce\"[RANDOM FILE NAME]" = "[RANDOM FILE NAME].exe."
    HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\Run\"[RANDOM FILE NAME]" = "%Temp%\[RANDOM FILE NAME].exe"
    HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\Run\"[RANDOM FILE NAME]" = "(random).exe"
    HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\policies\Explorer\Run\"[RANDOM FILE NAME]" = "%Temp%\(random).exe"
    HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\policies\Explorer\Run\"[RANDOM FILE NAME]" = "[RANDOM FILE NAME].exe"