W32.Pykspa.E
W32.Pykspa.E is a devious worm that distributes itself through Instant Messengers such as Skype. W32.Pykspa.E enters users' computers and gathers confidential information that is later sent to a remote location. The stolen information can then be used for malicious activities such as Identity Theft. W32.Pykspa.E may also disable certain security programs in order to avoid detection.
File System Details
W32.Pykspa.E may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %Temp%\[RANDOM FILE NAME].exe | |
| 2. | %System%\[RANDOM FILE NAME].exe |
Registry Details
W32.Pykspa.E may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\Run\"[RANDOM FILE NAME]" = "%Temp%\[RANDOM FILE NAME].exe"
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\RunOnce\"[RANDOM FILE NAME]" = "[RANDOM FILE NAME].exe."
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\RunOnce\"[RANDOM FILE NAME]" = "[RANDOM FILE NAME].exe."
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\policies\Explorer\Run\"[RANDOM FILE NAME]" = "%Temp%\(ramdom).exe"
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\RunOnce\"[RANDOM FILE NAME]" = "%Temp%\[RANDOM FILE NAME].exe."
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run\"[RANDOM FILE NAME]" = "[RANDOM FILE NAME].exe"
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\policies\Explorer\Run\"[RANDOM FILE NAME]" = "[RANDOM FILE NAME].exe"
HKEY_LOCAL_MACHINE\software\Microsoft\Windows\Current Version\Run\"[RANDOM FILE NAME]" = "(ramdom).exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\Run\"[RANDOM FILE NAME]" = "%Temp%\[RANDOM FILE NAME].exe"
HKEY_CURRENT_USER\Software\Microsoft\Windows\Current Version\RunOnce\"[RANDOM FILE NAME]" = "%Temp%\[RANDOM FILE NAME].exe."
