IM-Worm.Win32.Sohanad.qi

By ZulaZuza in Worms

IM-Worm.Win32.Sohanad.qi is a network-aware worm that tries to replicate across the existing network. It circulates via Yahoo Messenger and corrupts Windows. The worm sends a message to all Yahoo Messenger contacts of an affected user; the message includes a link that lures recipients into downloading IM-Worm.Win32.Sohanad.qi. It also disables certain Windows functions and hijacks the web browser's home page. In addition, IM-Worm.Win32.Sohanad.qi downloads other malware threats and copies itself onto removable devices such as USB flash drives and hard drives. Remove IM-Worm.Win32.Sohanad.qi immediately after detection.

File System Details

IM-Worm.Win32.Sohanad.qi creates the following file(s):

#   File Name                MD5                               Detections
1.  setupapp7070010000.exe   N/A
2.  %Temp%\wscsvc32.exe      N/A
3.  file.exe                 908ff236f3c759e461ba8314e66419e7  0
4.  file.exe                 e4d2989315fde91ac26aa745cffcf2db  0
5.  file.exe                 11742f14901e422567032f01863e1f38  0

Registry Details

IM-Worm.Win32.Sohanad.qi creates the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Malware Defense
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System 'DisableTaskMgr' = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings 'ProxyOverride' = ''
HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations 'LowRiskFileTypes' = '.exe'
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run '[RANDOM STRING]'