W32.Micharo
W32.Micharo is a worm that spreads through removable drives. When executed, W32.Micharo copies itself to all removable drives by creating the files listed below, so that it runs when the drives are accessed. It creates the registry entries listed below so that it starts automatically every time Windows boots, and modifies a registry entry to change Internet Explorer settings. W32.Micharo then connects to a specific web page to download and run a possibly malicious file. Remove W32.Micharo before it damages your computer.
File System Details
W32.Micharo may create the following file(s):
# | File Name | Detections |
---|---|---|
1. | %Windir%\winhelp32.exe | |
2. | %Windir%\winlogon.exe | |
3. | %DriveLetter%\DrivesGuideInfo\autorun.exe | |
4. | %Windir%\ssms.exe | |
5. | %DriveLetter%\DrivesGuideInfo\[CLSID]\autorun.exe | |
6. | %DriveLetter%\DrivesGuideInfo\[CLSID]\desktop.ini | |
7. | %DriveLetter%\DrivesGuideInfo.lnk | |
8. | %Windir%\version.txt | |
9. | %DriveLetter%\autorun.inf | |

Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
Registry Details
W32.Micharo may create the following registry entry or registry entries:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"NVIDIA Media Center Library" = "%Windir%\winlogon.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"NVIDIA Media Center Library" = "%Windir%\winlogon.exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\"DefaultConnectionSettings" = "[BINARY DATA]"
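The file and registry indicators above can be turned into anchored patterns and matched against a host's file listing and Run-key values. The following is an added example, not part of the original page or of any vendor tool; the placeholder expansions and the sample paths are assumptions constructed for illustration.

```python
import re

# File indicators copied from the page's "File System Details" table.
FILE_INDICATORS = [
    r"%Windir%\winhelp32.exe",
    r"%Windir%\winlogon.exe",
    r"%DriveLetter%\DrivesGuideInfo\autorun.exe",
    r"%Windir%\ssms.exe",
    r"%DriveLetter%\DrivesGuideInfo\[CLSID]\autorun.exe",
    r"%DriveLetter%\DrivesGuideInfo\[CLSID]\desktop.ini",
    r"%DriveLetter%\DrivesGuideInfo.lnk",
    r"%Windir%\version.txt",
    r"%DriveLetter%\autorun.inf",
]
# Run value from "Registry Details" (same name and data under HKCU and HKLM).
RUN_NAME, RUN_DATA = "NVIDIA Media Center Library", r"%Windir%\winlogon.exe"

# Assumption: the page does not define its placeholders; these expansions are guesses.
PLACEHOLDERS = {
    "%Windir%": r"[A-Z]:\\Windows",
    "%DriveLetter%": r"[A-Z]:",
    "[CLSID]": r"\{?[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}?",
}

def compile_indicator(template):
    """Turn a path template into a case-insensitive regex for fullmatch()."""
    parts = re.split(r"(%Windir%|%DriveLetter%|\[CLSID\])", template)
    return re.compile("".join(PLACEHOLDERS.get(p, re.escape(p)) for p in parts), re.I)

FILE_PATTERNS = [(t, compile_indicator(t)) for t in FILE_INDICATORS]
RUN_DATA_RX = compile_indicator(RUN_DATA)

def match_files(paths):
    """Return (path, indicator) pairs for paths that match an indicator exactly."""
    return [(p, t) for p in paths for t, rx in FILE_PATTERNS if rx.fullmatch(p)]

def match_run_values(entries):
    """entries: (hive, value name, data) tuples read from a ...\\CurrentVersion\\Run key."""
    return [e for e in entries if e[1].lower() == RUN_NAME.lower()
            and RUN_DATA_RX.fullmatch(e[2].strip('"'))]

# Constructed sample inventory, not taken from a real host.
SAMPLE_PATHS = [
    r"C:\Windows\System32\winlogon.exe",  # genuine Windows binary, must not match
    r"C:\WINDOWS\winlogon.exe",
    r"E:\autorun.inf",
    r"E:\DrivesGuideInfo\{00000000-1111-2222-3333-444444444444}\desktop.ini",
]
if __name__ == "__main__":
    for path, indicator in match_files(SAMPLE_PATHS):
        print(f"{path}  matches  {indicator}")
```

Matching with `fullmatch` keeps the genuine `System32\winlogon.exe` from being flagged. A root-level `autorun.inf` alone is a weak signal and is best read together with the `DrivesGuideInfo` and Run-key matches.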