W32.Slegon
W32.Slegon (also known as W32/Slegon.Worm) is a worm that spreads via removable storage devices and mapped network drives. Once active, W32.Slegon attempts to connect to a remote server in order to download additional malware onto the infected computer system. W32.Slegon may also modify registry entries in order to begin running as soon as Windows starts up.
File System Details
W32.Slegon may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %DriveLetter%\autorun.exe | |
| 2. | %System%\logon.exe | |
| 3. | %DriveLetter%\autorun.inf |
Registry Details
W32.Slegon may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"" = "%CurrentFolder%\[ORIGINALLY EXECUTED FILE]:*:Enabled:RUNTIME_EXECUTABLE"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"svchost" = "C:\WINDOWS\system32\logon.exe"
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.