W32.Murtinda
W32.Murtinda is a computer worm that is able to connect to a remote server to update itself. Usually W32.Murtinda spreads by making copies of the files autorun.inf and Love-Story.exe on any removable drives. Once W32.Murtinda invades the targeted computer system, registry will be set at risk so as the start-up process. W32.Murtinda also disables certain Windows functionalities to block it from manual removal and troubleshooting. You should remove W32.Murtinda immediately upon detection to prevent system harm.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:%ProgramFiles%\run.ini
File name: %ProgramFiles%\run.iniMime Type: unknown/ini
%ProgramFiles%\avupdate.exe
File name: %ProgramFiles%\avupdate.exeFile type: Executable File
Mime Type: unknown/exe
%DriveLetter%\autorun.inf
File name: %DriveLetter%\autorun.infMime Type: unknown/inf
%DriveLetter%\Love-Story.exe
File name: %DriveLetter%\Love-Story.exeFile type: Executable File
Mime Type: unknown/exe
%SystemDrive%\av.sys
File name: %SystemDrive%\av.sysFile type: System file
Mime Type: unknown/sys
Registry Modifications
HKEY..\..\..\..{Subkeys}HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\"CheckedValue" = "0"HKEY_CURRENT_USER\Software\Microsoft\"C0d3R" = "MADE IN INDIA.@AzUtRuM@î"HKEY_CURRENT_USER\Software\Microsoft\C0d3R\"C0d3R__INFO" = "hey sniffer"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\"CleanShutdown" = "0?HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\"HideFileExt" = "1"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Current Version\Run\"Anti-Virus Update" = "%ProgramFiles%\avupdate.exe"
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.