W32.Zahaam
W32.Zahaam is a malignant worm that use removable drives to spread itself. Once executed, W32.Zahaam creates copies itself as the specific files on all removable drives. W32.Zahaam creates the certain registry entry so that it can launch whenever you turn your computer on. W32.Zahaam also creates more registry entries. W32.Zahaam then illustrates the following dialog box:
Title: DzDevs
Body: Hello user, how are you? Welcome to DzDevS world "TSG".
File System Details
W32.Zahaam may create the following file(s):
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %DriveLetter%\MCA 4 - 2 CRB.exe | |
| 2. | %DriveLetter%\USMA - USMH.exe | |
| 3. | %System%\tscache\003\svchost.exe | |
| 4. | %DriveLetter%\ESS Football 2010\ESS 2010.exe | |
| 5. | %System%\DzDvS.vbs |
Registry Details
W32.Zahaam may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Sound" = "%System%\tscache\003\svchost.exe"
HKEY_CLASSES_ROOT\Drive\shell\---___DzDevS___---\command\"(Default)" = "%System%\wscript.exe %System%\DzDvS.vbs"
HKEY_CLASSES_ROOT\Folder\shell\---___DzDevS___---\command\"(Default)" = "%System%\wscript.exe %System%\DzDvS.vbs"
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.