|W32/Forlorn-D is a peer-to-peer (P2P) worm that spreads through the KaZaA and Morpheus network sharing utilities.
When first executed the worm copies itself as EXECFG4.EXE in the Windows folder and sets the following registry entry to the path of this copy so the worm will be executed when the Windows is restarted:
The worm queries the following registry entries searching for a folder that is shared across the KaZaA and Morpheus networks:
If a value is not found then the folder C:\\SysConfig is used.
Seventy three copies of the worm are created in this folder with the different filenames, such as:
[DiVX] Harry Potter And The Sorcerors Stone Full Downloader.exe
Age of empires 2 crack.exe
Borland Delphi 6 Key Generator.exe
Britney spears nude.exe
DivX codec v6.0.exe
Microsoft Windows XP crack pack.exe
Windows XP serial generator.exe
Winrar + crack.exe
ZoneAlarm Firewall Full Downloader.exe
Use antivirus (also check How To Remove section)Startup Opimizer for removal.
Still have a problem? Ask for help at our discussion forum.