IM-Worm.Win32.Sohanad.qi
IM-Worm.Win32.Sohanad.qi is a network-aware worm that tries to replicate across the existing network. IM-Worm.Win32.Sohanad.qi circulates via Yahoo Messenger and corrupts Windows. IM-Worm.Win32.Sohanad.qi sends a message to all Yahoo Messenger contacts of an affected user. The message includes a link attracting users to download IM-Worm.Win32.Sohanad.qi. IM-Worm.Win32.Sohanad.qi also disables certain Windows functionalities and hijacks web browser's home page. IM-Worm.Win32.Sohanad.qi also downloads other malware threats and copies itself onto removable devices such as USB flash and hard drives. Uninstall IM-Worm.Win32.Sohanad.qi immediately after detection.
SpyHunter Detects & Remove IM-Worm.Win32.Sohanad.qi
File System Details
IM-Worm.Win32.Sohanad.qi creates the following file(s):
| # | File Name | MD5 |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|---|
| 1. | setupapp7070010000.exe | N/A | |
| 2. | %Temp%\wscsvc32.exe | N/A | |
| 3. | file.exe | 908ff236f3c759e461ba8314e66419e7 | 0 |
| 4. | file.exe | e4d2989315fde91ac26aa745cffcf2db | 0 |
| 5. | file.exe | 11742f14901e422567032f01863e1f38 | 0 |
Registry Details
IM-Worm.Win32.Sohanad.qi creates the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Malware Defense
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System 'DisableTaskMgr' = '1'
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings 'ProxyOverride' = ''
HKEY_CLASSES_ROOT\CLSID\{5E2121EE-0300-11D4-8D3B-444553540000}
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations 'LowRiskFileTypes' = '.exe'
HKEY_CLASSES_ROOT\Folder\shellex\ContextMenuHandlers\SimpleShlExt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run '[RANDOM STRING]'
