This post is to warn our users about an old type of infection, which is surely still active these days. This malware is named (classified) by various security labs differently, but generally this can be summarized to two different names – Worm:Win32/Dorkbot.A or Trojan.Win32.Scar.drih. This is a certain type of computer worm that is distributed through instant messaging and jump drives. It also has some backdoor functionality that lets unauthorized access and control of the compromised system. This particular worm may be spread through compromised or infected websites by means of PDF exploits or particular browser exploits.
Upon successful execution Worm:Win32/Dorkbot.A copies itself into the %AppData% directory by means of randomly generated 6 letter file name (for example, “ozkqke.exe”). It amends several registry entries to execute this file at each Windows startup. The worst thing about this type of infection is that it can block user access to several security sites with the following strings in their domain name:
if your system got attacked by this type of malware infection, please scan your system immediately with the help of a reliable security application downloadable below.