
Worm:JS/Proslikefan.gen!D

By Domesticus in Worms

Worm:JS/Proslikefan.gen!D is a polymorphic worm that can modify a targeted PC's settings, block processes related to security tools and drop harmful files. It gathers information about the compromised PC and may distribute other security threats. It can also prevent security applications from functioning properly. Worm:JS/Proslikefan.gen!D propagates through file-sharing networks and removable drives.

While being installed, Worm:JS/Proslikefan.gen!D makes system alterations on the affected computer. It can restrict PC users from running Task Manager and Registry Editor, and it can also prevent the victimized PC user from using the Windows Security Center service and from modifying the start page of Internet Explorer. The worm modifies the Windows Registry on the attacked computer, creating a registry entry so that it loads automatically whenever the computer user starts the PC.

Worm:JS/Proslikefan.gen!D tries to contact a remote command and control (C&C) server to download configuration files and updates. It collects information about the victimized PC, such as the version of Windows it is running and the type of processor it has, and sends that information back to a remote server. Worm:JS/Proslikefan.gen!D then waits for further instructions from cybercrooks.

File System Details

Worm:JS/Proslikefan.gen!D may create the following file(s):
# File Name Detections
1. [startup folder]\34d.js
2. %APPDATA%\7088\669e.js
3. %ProgramFiles%\6f80\6e816.js

Registry Details

Worm:JS/Proslikefan.gen!D may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center "AntiVirusDisableNotify" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoWindowsUpdate" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT "DontReportInfectionInformation" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies "DisableRegistryTools" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = "2"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc "Start" = "4"
HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center "FirewallDisableNotify" = "1"
HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center "UpdatesDisableNotify" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "EnableFirewall" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore "DisableConfig" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "HideFileExt" = "1"
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel "HomePage" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "669e" = "%APPDATA%\[RANDOM ALPHANUMERIC CHARACTERS]\[RANDOM ALPHANUMERIC CHARACTERS].js"
HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc "FirewallOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion "SystemRestoreDisableSR" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies "DisableTaskMgr" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "ParseAutoexec" = "0"
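
The registry entries above can be checked on a host with a read-only PowerShell audit such as the one below. This is an added example, not part of the original entry or any vendor tool. The variable names are illustrative, and the rule that flags any per-user Run value ending in .js is an assumption that generalizes the single Run entry listed, whose path components are random.

```powershell
# Read-only audit: reports which registry values listed above are present on this host.
$listed = @'
HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center "AntiVirusDisableNotify" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer "NoWindowsUpdate" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT "DontReportInfectionInformation" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies "DisableRegistryTools" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced "Hidden" = "2"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc "Start" = "4"
HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center "FirewallDisableNotify" = "1"
HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center "UpdatesDisableNotify" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "EnableFirewall" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore "DisableConfig" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "HideFileExt" = "1"
HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel "HomePage" = "1"
HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center "AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc "FirewallOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion "SystemRestoreDisableSR" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies "DisableTaskMgr" = "1"
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon "ParseAutoexec" = "0"
'@

$hits = foreach ($line in ($listed -split "`r?`n")) {
    # Page format: <key path> "<value name>" = "<data>"
    if ($line.Trim() -match '^(HKEY_[A-Z_]+\\.+?) "([^"]+)" = "([^"]*)"$') {
        $key, $name, $want = $Matches[1], $Matches[2], $Matches[3]
        $item = Get-ItemProperty -LiteralPath "Registry::$key" -Name $name -ErrorAction SilentlyContinue
        if ($item -and "$($item.$name)" -eq $want) {
            [pscustomobject]@{ Key = $key; Name = $name; Data = $item.$name }
        }
    }
}

# Generalized autorun check (assumption): the Run entry's folder and file names are
# random, so flag any per-user Run value whose command ends in .js.
$runKey = 'HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -LiteralPath "Registry::$runKey" -ErrorAction SilentlyContinue
$autoruns = if ($run) {
    $run.PSObject.Properties | Where-Object { "$($_.Value)" -match '\.js"?\s*$' } |
        ForEach-Object { [pscustomobject]@{ Key = $runKey; Name = $_.Name; Data = $_.Value } }
}

$findings = @($hits) + @($autoruns)
"{0} of the listed settings or autorun patterns matched" -f $findings.Count
$findings | Format-List
```

Some listed values, such as HideFileExt = 1, are also Windows defaults, so a single match is not conclusive; weigh the number of matches and any .js autorun together.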

URLs

Worm:JS/Proslikefan.gen!D may call the following URLs:

hornypornvid.com
