drvsys.exe - Dangerous
drvsys.exe
Manual removal instructions:
Antivirus Report of drvsys.exe:
drvsys.exe
I-Worm.Bagle.y
This worm spreads via the Internet as an attachment to infected messages.
Characteristics of infected messages
Sender's address (chosen at random from the following):
Message header (chosen at random from the following):
Message body:
There is a wide range of possible message texts.
Attachment name:
Random, with one of the following extensions: .exe .com .scr .cpl. hta .vbs .zip
The worm searches the system register for keys created by other worms (e.g. Netsky) and deletes them.
The worm also attempts to connect to a range of remote sites, and to save information about the victim computer on these sites.
The worm searches the computer for files and sends itself to all email addresses found in these files.
It uses its own SMTP-server to send messages.
The worm attempts to combat antivirus programs and firewalls by terminating memory processes.
Manual removal:
Delete the value "drvsys.exe" = "%system%\drvsys.exe"
in the system registry autorun key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
| drvsys.exe | Malware |
| drvsys.exe | Dangerous |
| drvsys.exe | High Risk |
This worm spreads via the Internet as an attachment to infected messages.
Characteristics of infected messages
Sender's address (chosen at random from the following):
Message header (chosen at random from the following):
Message body:
There is a wide range of possible message texts.
Attachment name:
Random, with one of the following extensions: .exe .com .scr .cpl. hta .vbs .zip
The worm searches the system register for keys created by other worms (e.g. Netsky) and deletes them.
The worm also attempts to connect to a range of remote sites, and to save information about the victim computer on these sites.
The worm searches the computer for files and sends itself to all email addresses found in these files.
It uses its own SMTP-server to send messages.
The worm attempts to combat antivirus programs and firewalls by terminating memory processes.
Manual removal:
Delete the value "drvsys.exe" = "%system%\drvsys.exe"
in the system registry autorun key: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.