
Worm:Win32/Rotrumas.A

By JubileeX in Worms

Worm:Win32/Rotrumas.A is a worm that proliferates via removable drives. Worm:Win32/Rotrumas.A may replace detected picture files (.jpg and .jpeg) with its own picture and may delete the contents of document files (.doc and .xls). Once installed on the targeted computer system, Worm:Win32/Rotrumas.A downloads malevolent files and modifies the Windows Registry, creating registry entries so that its copy is launched automatically whenever Windows starts.

Worm:Win32/Rotrumas.A searches the infected computer for removable drives and, if any are found, places a copy of itself in the root folder of the drive. Worm:Win32/Rotrumas.A also creates a malevolent file that automatically loads its copy when the drive is accessed, if 'Autorun' is enabled.

Worm:Win32/Rotrumas.A can change the way files and folders are shown in Windows Explorer. Worm:Win32/Rotrumas.A can remove the Folder Options menu item from the Tools menu and display hidden files and folders. Worm:Win32/Rotrumas.A steals information that involves email addresses from the affected computer.

File System Details

Worm:Win32/Rotrumas.A may create the following file(s):
# File Name
1. [system folder]\deter177\sv[1 RANDOM CHARACTER]h[1 RANDOM CHARACTER]st.exe
2. [system folder]\deter177\smss.exe
3. psador18.dll
4. [system folder]\deter177\[1 RANDOM CHARACTER]ht[1 RANDOM CHARACTER]msys19.exe
5. CDROM.exe
6. [system folder]\deter177\ctfmon.exe
7. [system folder]\deter177\lsass.exe
8. Autorun.inf

Registry Details

Worm:Win32/Rotrumas.A may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon "Shell" = "explorer.exe [system folder]\?ht?msys19.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "HideFileExt" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "lsass" = "[system folder]\deter177\lsass.exe"
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "?ht?msys19.exe" = "[system folder]\ctfmon.exe"
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer "NoFolderOptions" = "1"
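
The file and registry indicators above can be turned into a triage check. The following is an added example, not code from this page or its author: the function names, result labels and sample data are hypothetical, and C:\Windows\System32 is assumed to stand in for [system folder].

```python
import re

# "[1 RANDOM CHARACTER]" / "?" on the page become a one-character wildcard.
# smss, lsass and ctfmon are also genuine Windows binaries, so a file only
# counts when it sits inside the deter177 folder named on the page.
DROPPED = re.compile(r"\\deter177\\(?:sv.h.st|.ht.msys19|smss|ctfmon|lsass)\.exe$", re.I)
HT_MSYS = re.compile(r".ht.msys19\.exe", re.I)

def scan_files(paths):
    """Return the paths that match the worm's drop locations."""
    return [p for p in paths if DROPPED.search(p)]

def scan_registry(values):
    """values: (key, name, data) tuples; returns (key, name, reason) hits."""
    hits = []
    for key, name, data in values:
        k, d = key.lower(), str(data)
        if k.endswith(r"currentversion\run"):
            if HT_MSYS.search(name) or "\\deter177\\" in d.lower():
                hits.append((key, name, "autostart"))
        elif k.endswith(r"currentversion\winlogon") and name.lower() == "shell":
            if HT_MSYS.search(d):  # a clean Shell value is just "explorer.exe"
                hits.append((key, name, "shell"))
        elif k.endswith(r"policies\explorer") and name.lower() == "nofolderoptions":
            if d == "1":
                hits.append((key, name, "setting"))
        # Explorer\Advanced values are skipped: HideFileExt=1 is also the
        # Windows default, so on their own they are weak signals.
    return hits

# Constructed sample data (C:\Windows\System32 stands in for [system folder]).
SAMPLE_PATHS = [
    r"C:\Windows\System32\lsass.exe",              # genuine binary, must not match
    r"C:\Windows\System32\svchost.exe",            # genuine binary, must not match
    r"C:\Windows\System32\deter177\lsass.exe",
    r"C:\Windows\System32\deter177\svchost.exe",   # one instance of sv?h?st.exe
    r"C:\Windows\System32\deter177\xhtymsys19.exe",
]
RUN = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
WINLOGON = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
SAMPLE_REG = [
    ("HKLM\\" + RUN, "lsass", r"C:\Windows\System32\deter177\lsass.exe"),
    ("HKCU\\" + RUN, "xhtymsys19.exe", r"C:\Windows\System32\ctfmon.exe"),
    ("HKCU\\" + RUN, "OneDrive", r"C:\Users\a\OneDrive.exe"),
    (WINLOGON, "Shell", "explorer.exe"),
    (WINLOGON, "Shell", r"explorer.exe C:\Windows\System32\xhtymsys19.exe"),
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer", "NoFolderOptions", 1),
]
```
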
