Win32/Lefgroo
Win32/Lefgroo is a worm that replicates itself to any removable drives or mapped network shares, and shows messages. While being installed on the targeted computer system, Win32/Lefgroo makes system changes by downloading harmful files and making changes to the Windows Registry. Win32/Lefgroo also creates a registry entry to make sure that it launches automatically every time you boot up Windows. Win32/Lefgroo may also open websites in a full-screen browser window. Win32/Lefgroo may also make modifications to the registry entries attempting to stay on the PC, and help in delivery of its payload. Win32/Lefgroo removes the Folder Options item from all Explorer menus and the Control Panel by making modifications the Windows Registry. Win32/Lefgroo modifies Internet Explorer settings and disables the system tool Task Manager by modifying the Windows Registry. Win32/Lefgroo uses the folder icon, which may fool the PC user into clicking on it. If the folder icon is clicked, Win32/Lefgroo will be executed.
File System Details
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | %windir%\profile\susoft.exe | |
| 2. | %windir%\profile\services.exe | |
| 3. | [Drive]:\musica.exe |
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.