W32.Spacefam
W32.Spacefam is a dangerous computer worm which poses a severe threat to PC security. W32.Spacefam deletes all cookies on internet browsers and has the ability to contact to the specified URL and download malicious files onto the system. This worm collects login detailed information when users log into social media sites, especially Facebook. Then it sends all data to a remote hacker for malicious purposes like identity theft. For the safety of your computer, W32.Spacefam should be terminated immediately once it has been detected.
File System Modifications
- The following files were created in the system:
# File Name 1 %Temp%\[RANDOM CHARACTERS].tmp 2 %UserProfile%\Application Data\[RANDOM CHARACTERS 1].exe 3 %UserProfile%\Application Data\[RANDOM CHARACTERS 2].exe 4 %Windir%\Tasks\fbagent.job 5 %Windir%\Temp\[RANDOM CHARACTERS 1].tm 6 %Windir%\Temp\[RANDOM CHARACTERS 2].tmp
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\SOFTWARE\facebookHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\..{RunKeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"[RANDOM CHARACTERS 1].exe" = "%UserProfile%\Application Data\[RANDOM CHARACTERS 1].exe"
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.