W32.Mocon
Aliases: W32/Mocon
Variants: Mocon
Classification: Malware
Category: Computer Worm
Status: Active and Spreading
Spreading: Slow
Geographical info: N/A
Removal: Easy
Platform: W32
Discovered: 26 Apr 2009
Damage: Medium
Characteristics: This malware is an autorun worm that is capable of logging keystrokes and stealing information from a victim computer. Its spreading method involves copying its code to every available removable drive. The Autorun function exploited by this worm is a convenience feature of Windows that may actually cause harm when used by malicious users. Autorun basically allow selected files to run in the event that an autorun enabled drive like a USB, is inserted in the computer system.
W32.Mocon Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Mocon from your computer.
More details about W32.Mocon
When run in the host machine, the W32.Mocon worm will create an .exe file and an autorun.inf file. The autorun feature permits exe files on a drive to be executed immediately when the drive is used. This feature functions via the autorun.inf file. Once a drive is used, the operating system will scan for the presence of the file autorun.inf and if located, it will automatically follow the commands written on the file. The W32.Mocon worm creates its own autorun.inf file instead of modifying the original autorun.inf file. The file created by the worm will be instructed to execute the worm every time that access to the drive is detected. Once the worm has loaded, it will look for similar drives it can infect and then carry out the process again.The worm also edits the registry. It will create a registry entry so that it can execute every time that Windows is started. It will likewise modify some registry entries to avoid being detected. This security threat will also log keystrokes and will collate the logged info in a log file. This log file will be then sent by the worm to a predetermined URL. To remove the W32.Mocon worm, terminate the cssrs.exe process in the Windows Task Manager. Next, find all files added by the worm and then edit the registry, making sure that all entries added by the malware will be deleted and all entries modified by the malware will be restored.
Browse for more malware information
- W32.Mocon
- W32.Mogi
- W32.Momib.A
- W32.Moody.Worm
- W32.Mota.A
- W32.Motsys
- W32.Moubot
- W32.Moulo
- W32.Mournor
- W32.MsWorld@mm
- W32.Mubla.Gen
- W32.Mugly.A@mm
- W32.Mular.A
- W32.Multex.B
- W32.Music.A.Worm
- W32.Muzk.Irc
- W32.MyLife@mm
- W32.MyPower@mm
- W32.Mybabypic.Worm
- W32.Mydoom!gen
- W32.Myfip.A
- W32.Myparty@mm
- W32.Mypics.Worm
- W32.Mysamurai
- W32.Mytob!gen
- W32.Naco@mm
- W32.Naked@mm
- W32.Namshare
- W32.Narcha
- W32.Narcs
Contact Us
|
Privacy Policy
|
Site Map
Copyright © Uniblue Systems Limited 2007. All rights reserved.