W32.Schting.A
Aliases: N/A
Variants: N/A
Classification: Malware
Category: Computer Worm
Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 26 Jun 2007
Damage: Low
Characteristics: The W32.Schting.A program is a worm that propagates by duplicating itself to local media. It also tries to lower down the protection settings of the infected computer.
W32.Schting.A Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
RECOMMENDED:
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Schting.A from your computer.
More details about W32.Schting.A
When the W32.Schting.A worm runs, it creates files such as “C:\Windows\WinSystem.exe”, “C:\Windows\Win System.exe”, “C:\Windows\windows.exe”, “C:\Windows\WinSystem”, “C:\Windows\WinSystem32.exe”, “C:\Windows\SystemMonitor.exe”, “C:\Windows\MonitorSetup.exe”, “C:\Windows\NowAndForever.exe”, “C:\Windows\system\mscomfig.exe”, “C:\Windows\regedif.exe”, “C:\log.exe”, “C:\Windows\system32\regedif32.exe”, “C:\Windows\ErrorReport.exe”, “C:\Windows\system32\WindowsProtection.exe”, “C:\Windows\system32\msiexee.exe”, “C:\Windows\system\msiexece.exe”, “C:\Windows\system\WindowsUpadate.exe”, “C:\Windows\system32\msidlI.exe”, “C:\Windows\system32\SCCONFIG.exe”, “C:\Windows\system\rundlI.exe”, “C:\Windows\system32\winlocon.exe”, “C:\Windows\system32\wpa.bdlx”, “C:\BootEx.exe”, “D:\BootEx.exe”, “C:\Windows\winsystem.exe”, “%CurrentFolder%\log.txt”, and “%CurrentFolder%\oeminfo.ini”. The worm then minimizes the windows which have titles such as “Task Manager Warning”, “Confirm Value Delete”, “Confirm Key Delete”, and “Edit String” in order to obstruct with the usage of the Windows Registry Editor and Task Manager.The W32.Schting.A program can render any security programs installed in the computer inoperative thus further exposing the compromised computer to greater risks. System files may also be modified and additional malicious software installed through the actions of the program. Finally, this program also allows the unauthorized transmission of personal and confidential information to undisclosed parties. The W32.Schting.A program affects computers operating under Windows 2000, Windows NT, Windows Me, Windows XP, Windows Server 2003, Windows Vista, Windows 98 and Windows 95.