Win32/Xorer
Win32/Xorer is a worm, which is a member of a Xorer family of worms and viruses. Win32/Xorer downloads copies of the malevolent code into removable drives. Win32/Xorer is configured to start automatically whenever the corrupted drive is accessed. Using the corrupted drive to the other computer with enabled autorun feature also runs the code of Win32/Xorer without the computer owner's knowledge. Variants of Win32/Xorer are also deployed as contents in Winrar compressed file that is accessed once the code is extracted. While being executed, Win32/Xorer may conduct numerous harmful actions on the targeted PC. Win32/Xorer makes modifications to the Windows Registry by adding a specific registry entry to disable some Windows functions. Win32/Xorer can also disable autorun feature on the infected computer to instantly run other versions of Win32/Xorer from the same group. Win32/Xorer has a capability of installing a rootkit service on the vulnerable computer. Win32/Xorer adds a file to the root of every writable drive it founds attached to the affected computer. Win32/Xorer will create a specific Windows service to initiate itself whenever you start a computer.
File System Details
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | [hard drive 1]\037589.log – Identified as Virus:Win32/Xorer.X | |
| 2. | %windir%\system32\com\smss.exe – Identified as Virus:Win32/Xorer.O | |
| 3. | [hard drive 1]\netapi000.sys – Identified as Virus:Win32/Xorer.H | |
| 4. | [hard drive 1]\pagefile.pif – Identified as Virus:Win32/Xorer.X | |
| 5. | %windir%\system32\dnsq.dll – Identified as Vius:Win32/Xorer.gen!dll | |
| 6. | %windir%\system32\com\netcfg.dll – Identified as Virus:Win32/Xorer.E | |
| 7. | %windir%\system32\com\netcfg.000 – Identified as Virus:Win32/Xorer.E | |
| 8. | %windir%\system32\.log – Identified as Virus:Win32/Xorer.X | |
| 9. | %windir%\system32\com\lsass.exe – Identified as Virus:Win32/Xorer.X |
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.