Worm:Win32/Phorpiex.M virus removal

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

Worm:Win32/Phorpiex.M is a serious virus that strikes computers these days. Be very careful with it. This is how Microsoft Security Essentials detects it. Actually, you will not probably see the windows with such virus title. Yet, this malware is often detected by many antivirus applications. However, some of them aren’t successful in deleting it. Worm:Win32/Phorpiex.M has the following aliases:

  • Trojan.Win32.Jorik.IRCbot.waj (Kaspersky)
  • BackDoor.IRC.Bot.2232 (Dr.Web)
  • Trojan-PWS.Win32.Fareit (Ikarus)
  • PWS-Zbot.gen.ary (McAfee)
  • Troj/IRCbot-AKR (Sophos)
  • WORM_PHORPIEX.JZ (Trend Micro)

It is worthy of saying that this malware is extremely severe for your system. Certain system changes may prove the presence of this malware. In particular, we mean the presence of the following files:

  • winmgr.exe
  • winraz.exe
  • winsam.exe
  • winsvc.exe
  • winsvn.exe

Also, the following registry entry may be created by malware – HKCU\Software\Microsoft\Windows\CurrentVersion\Run with its value set to “Microsoft Windows Update”. When this scam is present on your system you may receive an email with the following details:

Attachment: -JPG.scr” contained within a ZIP file, for example, “0540435562-JPG.zip”
Subject (any of the following):
I cant believe I still have this picture
I love your picture!
Is this you??
Picture of you???
Should I upload this picture on facebook?
Someone showed me your picture
Someone told me it’s your picture
Take a look at my new picture please
Tell me what you think of this picture
This is the funniest picture ever!
What do you think of my new hair
What you think of my new hair color?
What you think of this picture?
You look so beautiful on this picture
You should take a look at this picture
Your photo isn’t really that great

So, Worm:Win32/Phorpiex.M spreads itself to other PCs through email. It downloads a list of email addresses to send itself to from a certain URL. The URL is provided by a remote attacker connected to your computer via IRC. If you have this virus on your system you should immediately clean your computer by running powerful security application. Please download it below.

(Visited 686 times, 1 visits today)

Related posts:

Leave a Comment