W32.Stikpid Description

W32.Stikpid is a worm that proliferates through removable drives. W32.Stikpid downloads potentially harmful files, steals computer system data, and opens a back door on the infected machine. W32.Stikpid may proliferate via spam email attachments, corrupted removable drives, drive-by downloads, or can be distributed by other malware threats. When activated, W32.Stikpid may create copies of itself into the particular locations. W32.Stikpid may create the specific registry entries so that it can load automatically whenever you boot up Windows. W32.Stikpid may embed itself into the processes called iexplore.exe or explorer.exe in order to connect to the web. W32.Stikpid may also create the certain file in order to launch whenever the drive is used on another workstation. W32.Stikpid may also gather personal details, such as certain accessible permissions, CPU type.OS version, successful installation.

Type: Worms

How Can You Detect W32.Stikpid?

W32.Stikpid Removal Details

W32.Stikpid has typically the following processes in memory:

• %UserProfile%\Application Data\Microsoft\[SEVEN CHARACTERS].exe
• %DriveLetter%\[ALL EXISTING FOLDERS]\[SEVEN CHARACTERS]_a.exe
• %DriveLetter%\[ALL EXISTING FOLDERS]\[SEVEN CHARACTERS]_l.exe

W32.Stikpid creates the following files in the system:

• %DriveLetter%\autorun.inf
• %UserProfile%\Local Settings\Temp\[SEVEN CHARACTERS]_a.dat
• %UserProfile%\Local Settings\Temp\[SEVEN CHARACTERS]_l.dat

W32.Stikpid creates the following registry entries:

• HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”[SEVEN CHARACTERS]” = “[PATH TO WORM]“
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\”[SEVEN CHARACTERS]” = “[PATH TO WORM]”

Important Article Disclaimer