Threat Database Worms W32.Stikpid

W32.Stikpid

By Sumo3000 in Worms

Threat Scorecard

Threat Level: 10 % (Normal)
Infected Computers: 61
First Seen: July 27, 2012
Last Seen: November 17, 2022
OS(es) Affected: Windows

W32.Stikpid is a worm that proliferates through removable drives. W32.Stikpid downloads potentially harmful files, steals computer system data, and opens a back door on the infected machine. W32.Stikpid may proliferate via spam email attachments, corrupted removable drives, drive-by downloads, or can be distributed by other malware threats. When activated, W32.Stikpid may create copies of itself into the particular locations. W32.Stikpid may create the specific registry entries so that it can load automatically whenever you boot up Windows. W32.Stikpid may embed itself into the processes called iexplore.exe or explorer.exe in order to connect to the web. W32.Stikpid may also create the certain file in order to launch whenever the drive is used on another workstation. W32.Stikpid may also gather personal details, such as certain accessible permissions, CPU type.OS version, successful installation.

File System Details

W32.Stikpid may create the following file(s):
# File Name Detections
1. %UserProfile%\Application Data\Microsoft\[SEVEN CHARACTERS].exe
2. %DriveLetter%\[ALL EXISTING FOLDERS]\[SEVEN CHARACTERS]_a.exe
3. %DriveLetter%\[ALL EXISTING FOLDERS]\[SEVEN CHARACTERS]_l.exe
4. %DriveLetter%\autorun.inf
5. %UserProfile%\Local Settings\Temp\[SEVEN CHARACTERS]_a.dat
6. %UserProfile%\Local Settings\Temp\[SEVEN CHARACTERS]_l.dat

Registry Details

W32.Stikpid may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"[SEVEN CHARACTERS]" = "[PATH TO WORM]"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"[SEVEN CHARACTERS]" = "[PATH TO WORM]"

URLs

W32.Stikpid may call the following URLs:

https://feed.prosearchconverters.com/

Trending

Most Viewed

Loading...