Feb 7, 2009

XPLORER.EXE

Xplorer.exe is W32.Romariory@mm.
W32.Romariory@mm is a mass-mailing worm that spreads through removable devices and network shares. It masquerades as the Super Mario Brothers game.
Related files:
%Windir%\winlogon.exe
%System%\msvbvm60.dll.exe
C:\explorer.exe
%UserProfile%\Application Data\Emma.exe
%UserProfile%\Application Data\Alisa.exe
%UserProfile%\My Documents\Mario Bross.exe
%UserProfile%\My Documents\Solitaire Card.exe
%UserProfile%\My Documents\Minesweeper.exe
%System%\PANGKALP1NANG.EXE
%System%\SMUNSA_PKP_GAME.EXE
C:\Documents and Settings\All Users\Documents\Bola Pantul.exe
C:\Documents and Settings\All Users\Documents\MyHearts.exe
C:\Documents and Settings\All Users\Documents\FreeCard.exe
%SystemDrive%\Game\Minesweeper.exe
%SystemDrive%\Game\My Heart.exe
%SystemDrive%\Game\Bola.exe
%SystemDrive%\Game\Kartu.exe
%SystemDrive%\Game\Legend.exe
%SystemDrive%\Game\Smart.exe
%SystemDrive%\Game\Crazy Mouse.exe
%SystemDrive%\Game\Text Animation.exe
%SystemDrive%\Game\Pink Panther.exe
%SystemDrive%\Game\Start Hide.exe
%SystemDrive%\Game\XP Button.exe
%SystemDrive%\Game\Goncang.exe
%SystemDrive%\Game\Kelap Kelip.exe
%SystemDrive%\Game\Layar Jatuh.exe
%SystemDrive%\Game\Dark Screen.exe
%SystemDrive%\Mario.exe
%UserProfile%\Application Data\Emira.ini
%UserProfile%\Application Data\Aliciana.htt
%Windir%\Tasks\At1.job (a scheduled task to run the worm every day at a specified time)
%Temp%\inf[RANDOM].tmp (a clean copy of the Super Mario Brothers game)
C:\Program Files\mario.exe (clean copy of the Super Mario Brothers game)
%SystemDrive%\xplorer.exe
%SystemDrive%\desktop.ini
%SystemDrive%\Alicia.htt
Read more: http://www.symantec.com/enterprise/secur...
Kill the process xplorer.exe and remove xplorer.exe from Windows startup using RegRun Reanimator.
http://www.regrun.com

Removal: xplorer.exe is removed by RegRun.
