Home Education E-BooksTravel Troubleshooting Linux Contact Us About Us
Troubleshooting Tips And Steps
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Step 8
Windows & Hardware Tips
Software Troubleshooting
Information About DOS
Different DOS Commands
Windows Troubleshooting
Hardware Troubleshooting
Information On Viruses
Virus Database
Trojan Removal Techniques
Virus Tools And Softwares
Miscellaneous
Download Free Ebooks
Game Development Company
Submit Your Query

virus file

VIRUS NAME: W32/Cervivec@MM

VIRUS NAME: W32/Cervivec@MM

Internet Worm Characteristics

This worm arrives as a zip file attached to an email, named WORMS.ZIP. Inside the ZIP files is an executable named WORMS.EXE. The EXE is written in the Delphi programming language and packed with the UPX packer. When run, the worm adds a new value "Kernel Loader" to the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run which ensures that the virus runs after every reboot.

Symptoms
1. presence of the NTKRNL.EXE file in \WINDOWS\SYSTEM32 or \WINDOWS\SYSTEM 2. presence of the Registry key

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\
Run\Kernel Loader="C:\WINDOWS\system32\ntkrnl.exe -LOADDRIVERS=TRUE"

If you are fed up with any virus and not getting solution of it. mail us on amgroup@skillsheaven.com and please provide all the detail about virus.