Threat Database Worms Mal/Palevo-A


By Domesticus in Worms

Threat Scorecard

Threat Level: 50 % (Medium)
Infected Computers: 5
First Seen: December 7, 2011
Last Seen: February 18, 2022
OS(es) Affected: Windows

Mal/Palevo-A is a malware infection that belongs to the Palevo family of malware, a group of dangerous worms that are among the most common malware threats. Discovered in 2009, the Mal/Palevo-A worm is often present in external memory devices, such as USB memory sticks or Flash cards. Mal/Palevo-A is designed to infect computer systems running the Windows operating system up to Windows Vista. According to ESG security researchers, Mal/Palevo-A presents a threat to your security and privacy; however, most reliable anti-virus applications should be able to stop the Mal/Palevo-A worm in its tracks. Removing the Mal/Palevo-A worm is not very practical, since the very nature of this infection involves Mal/Palevo-A making numerous copies of itself both on the victim's hard drive and on any shared folders and external memory devices that are found. To remove the Mal/Palevo-A worm, it is also necessary to revert any harmful changes that the Mal/Palevo-A worm makes to the infected computer system's Windows Registry. According to ESG malware analysts, the Mal/Palevo-A worm is designed to open a backdoor onto the infected computer system and to receive automatic commands via an IRC server at the address However, PC security researchers report that this server is no longer available.

Other Symptoms of a Mal/Palevo-A Worm Infection

Due to its very nature, the Mal/Palevo-A worm tries to remain hidden on the infected computer system displaying practically no symptoms. However, the sudden appearance of strange files on your computer system that refuses to go away or return after being deleted may be a sign of a Mal/Palevo-A worm infection. The Mal/Palevo-A worm is also capable of disabling your computer system's security measures by removing much-needed protective measures and blocking access to the most popular security applications. The Mal/Palevo-A worm uses several known Microsoft Windows vulnerabilities in order to spread itself, including security exploits involving Microsoft Windows' Plug and Play feature and Remote Message Queuing.

Protecting Your Computer System from the Mal/Palevo-A Worm

While a reliable firewall and anti-virus program should be enough to stop and detect most malware infections, criminals will usually bypass these measures by using deception and other social engineering methods. This is why it is important to learn basic online safe practices such as using strong passwords, setting low privileges on any computers on your networks, disabling AutoPlay for executable files both from removable drives and network folders and disabling file sharing when it is not essential. It is also important never to open unsolicited email attachments or visit websites that are generally considered being unsafe.


10 security vendors flagged this file as malicious.

Anti-Virus Software Detection
Ikarus Trojan.Peerfrag
Symantec W32.Pilleuz!gen1
Sophos Mal/Palevo-A
McAfee-GW-Edition Trojan.Peerfrag.GG
AntiVir TR/Peerfrag.GG
DrWeb Win32.HLLW.Lime.18
a-squared Trojan.Peerfrag!IK
NOD32 a variant of Win32/Kryptik.DCT
McAfee+Artemis W32/Palevo.gen.a

SpyHunter Detects & Remove Mal/Palevo-A

File System Details

Mal/Palevo-A may create the following file(s):
# File Name MD5 Detections
1. csrss.exe 6125b2e66843eb727768ba506e27d105 1
2. C:\Documents and Settings\user-account-name\Local Settings\rthdti.exe

Registry Details

Mal/Palevo-A may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman,(REG_SZ:%appdatadir%\rthdti.exe), (REG_SZ:)


Most Viewed