SoftwareTipsandTricks.com
Home Forums Windows 7 Security Tips
Forums

Windows 7
Windows Vista
Windows XP

Security Tips
Troubleshooting
Keyboard Shortcuts
Encyclopedia


Drivers

Internet Terms
Computer Terms

File Extensions (75)
File Extensions (15K+)

Startup Applications
Necessary Files
Useless Files
At Your Option Files
Dangerous Files
Browser Objects

DLL Files
SYS Files
INF Files
OCX Files
VXD Files

Virus Database
Virus Warnings

Easter Eggs
Tips and Tricks
Articles
Hot Downloads


Privacy Policy
Contact Us







  fvprotect.exe

Name fvprotect.exe

Description

I-Worm.Netsky.q
This worm spreads via the Internet as an attachment to infected messages.

The worm copies itself to the Windows directory under the name fvprotect.exe and registers this file in the system registry autorun key:
[ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norton Antivirus AV" = %windir\fvprotect.exe
The worm also creates a file named userconfig9x.dll in the Windows directory, and files with the following names:
zipped.tmp, base64.tmp, zip1.tmp, zip2.tmp, zip3.tmp

These files are copies of the worm in UEE format and ZIP archives containing copies of the worm.
Files within the archive will have names chosen from the following list:
document.txt.exe, data.rtf.scr, details.txt.pif
The worm searches for files with some extensions and sends copies of itself to email addresses harvested from these files.
The worm also attempts to establish a direct connection to the message recipient's server.
Infected messages contain random combinations of the sender's address, message header and body.
There is a wide range of potential attachment names.
The attached file often has a dual extension, with the first extension being .doc or .txt, and the second being one from the following list:
exe, pif, scr, zip. The worm is also able to send itself as a ZIP archive.

The worm may send messages which contain the IFRAME Exploit, in the same way that Klez.h and Swen did.
When this happens, if the message is viewed using a vulnerable mail client, the archive file containing the worm will be launched automatically.

If the worm finds some keys in the system registry key
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
it will delete them.
It will also delete the keys 'system', 'Video'
from HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
and the key values, created by I-Worm.Bagle.

Use antivirus (also check How To Remove section)Startup Optimizer to remove it from startup.


Still have a problem? Ask for help at our discussion forum.



Search Dangerous Files :
 

: : Recent posts at Forums : :

tdtxiurfvz

lntfpehxzn

Купить виагру

ixbyltxlmx

[url=https://zavety-ilicha.advokaty-onlajn.ga/grazhdanskiedela/829-187-statya-gr

fbreloexvp

nocxcwentj

pnyxwpdfqq

yshineouyh

bryrehzgmf

Установка и р&

vonfuveyma

cebyebshrd

zcxdrmuori

Unencumbered galleries

wplnhltylp

Full-grown galleries

qadouevfzq

anixfensxe

hopbyelgom

lvlbrfcsfn

jtqidnimxe

zsylymzlxb

kjhnosugxq

zmiburwqem

fxnbelplcg

ezvxdhfspb

hkddlxgjoz

xwheerupjo

brizhxiney




SoftwareTipsandTricks, All Rights Reserved.