W32.Fypzserv

W32.Fypzserv Description

W32.Fypzserv is a virus that hijacks particular documents, archives, and media files on the targeted PC. W32.Fypzserv may circulate through removable drives. Once run, W32.Fypzserv creates the copies of itself as the malevolent files. W32.Fypzserv creates the malevolent files on all removable drives. W32.Fypzserv creates the registry entry so that it can load automatically whenever you start Windows. W32.Fypzserv creates the registry entry to reduce security settings on the affected computer. W32.Fypzserv creates the registry entries to disable particular programs on the compromised PC. W32.Fypzserv modifies all files with the extensions incorporating docx, doc, xls, xlsx, pptx, ppt, mdb, mdf, accdb, jpg, jpeg, zip, rar, pdf, pst, psd, cdr, avi, mkv, mp4, mov, vob, mp3, iso, nrg, flv and swf. When the files are hijacked by W32.Fypzserv, they will not work until they have been fixed. W32.Fypzserv modifies the registry entries to conceal its occurrence and to modify Internet Explorer settings. W32.Fypzserv also makes other modifications to the Windows Registry.

Technical Information

Registry Details

W32.Fypzserv creates the following registry entry or registry entries:
RegistryKey
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\"DisableTaskMgr" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"DisableTaskMgr" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt\"UncheckedValue" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srservice\"Start" = "4"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"EnableLUA" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore\"LastIndex" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\"CheckedValue" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\"CleanShutdown" = "0"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"igfxhost" = "%UserProfile%\igfxhost.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System\"DisableRegistryTools" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"DisableRegistryTools" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\"UncheckedValue" = "0"

Leave a Reply

Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.