system32driver32.exe - Dangerous
system32driver32.exe
Manual removal instructions:
Antivirus Report of system32driver32.exe:
system32driver32.exe
W32.Supova.Z@mm is a mass mailing worm that sends itself to the email addresses in the Microsoft Outlook address book.
The worm also uses IRC to spread.
The email has the following characteristics:
Subject: This document is interesting
Body: Hi! How are you, i hope all okay. I send you an attachment that you should see.
Attachment: ha ha ha ha.doc.exe
Creates some files in %Windir%\ or a:\ folders.
Adds the value: "Windows Drive Compatibility"="%Windir%\System32Driver32.exe"
to the registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Modifies the values: "Hidden"="0" "HideFileExt"="1"
in the registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
so that the worm hides file extensions.
Modifies the value: "nofolderoptions"="1"
in the registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
so the options menu is hidden from explorer.
Adds the value: "(Default)" = "&supernova-Y2K4"
in the registry key: HKEY_LOCAL_MACHINE\Software\CLASSES\*\shell\open
so the word "supernova-Y2K4" will show up in the Context Menu when you right-click on a file.
Adds the value: "(Default)" = "notepad.exe c:\supernova.txt"
in the registry key: HKEY_LOCAL_MACHINE\Software\CLASSES\*\shell\open\command
so when you choose the word "supernova-Y2K4" from the Context Menu, it will open c:\supernova.txt.
Changes the background image to %Windir%\System32Windos.bmp:
Removal:
Use RegRun Startup Optimizer and manually change values of registry keys described above.
| system32driver32.exe | Malware |
| system32driver32.exe | Dangerous |
| system32driver32.exe | High Risk |
The worm also uses IRC to spread.
The email has the following characteristics:
Subject: This document is interesting
Body: Hi! How are you, i hope all okay. I send you an attachment that you should see.
Attachment: ha ha ha ha.doc.exe
Creates some files in %Windir%\ or a:\ folders.
Adds the value: "Windows Drive Compatibility"="%Windir%\System32Driver32.exe"
to the registry key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
Modifies the values: "Hidden"="0" "HideFileExt"="1"
in the registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
so that the worm hides file extensions.
Modifies the value: "nofolderoptions"="1"
in the registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
so the options menu is hidden from explorer.
Adds the value: "(Default)" = "&supernova-Y2K4"
in the registry key: HKEY_LOCAL_MACHINE\Software\CLASSES\*\shell\open
so the word "supernova-Y2K4" will show up in the Context Menu when you right-click on a file.
Adds the value: "(Default)" = "notepad.exe c:\supernova.txt"
in the registry key: HKEY_LOCAL_MACHINE\Software\CLASSES\*\shell\open\command
so when you choose the word "supernova-Y2K4" from the Context Menu, it will open c:\supernova.txt.
Changes the background image to %Windir%\System32Windos.bmp:
Removal:
Use RegRun Startup Optimizer and manually change values of registry keys described above.
Dmitry Sokolov:
I created UnHackMe in 2006 to fix the problem that antivioruses did not fix: detecting rootkits.
Since that time I work every day to fix the issues that antiviruses cannot.
If your antivirus have not helped you solve the problem, you should try UnHackMe.
We are a small company and you can ask me directly, if you have any questions.