W32.Pykspa.E
W32.Pykspa.E is a malicious computer worm which propagates via Skype Instant Messenger. Worm W32.Pykspa.E is also programmed to collect confidential information from infected computers and send it to hackers. W32.Pykspa.E can open a backdoor to allow other malware entry to the compromised system. W32.Pykspa.E poses a high risk to PC security and should be removed on detection.
File System Modifications
- The following files were created in the system:
# File Name 1 %System%\[RANDOM FILE NAME].exe 2 %Temp%\[RANDOM FILE NAME].exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\RunOnce\"[RANDOM FILE NAME]" = "%Temp%\[RANDOM FILE NAME].exe."HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\RunOnce\"[RANDOM FILE NAME]" = "[RANDOM FILE NAME].exe."HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run\"[RANDOM FILE NAME]" = "%Temp%\[RANDOM FILE NAME].exe"HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run\"[RANDOM FILE NAME]" = "[RANDOM FILE NAME].exe"HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\RunOnce\"[RANDOM FILE NAME]" = "%Temp%\[RANDOM FILE NAME].exe."HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\RunOnce\"[RANDOM FILE NAME]" = "[RANDOM FILE NAME].exe."HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\Run\"[RANDOM FILE NAME]" = "%Temp%\[RANDOM FILE NAME].exe"HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\Run\"[RANDOM FILE NAME]" = "(ramdom).exe"HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\policies\Explorer\Run\"[RANDOM FILE NAME]" = "%Temp%\(ramdom).exe"HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\policies\Explorer\Run\"[RANDOM FILE NAME]" = "[RANDOM FILE NAME].exe"
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.