Remove W32.Simouk

Posted on: May 30th, 2009


Discovered: May 22, 2009

Updated: May 22, 2009 10:03:15 PM

Type: Trojan

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows Vista, Windows XP

Recommended Action:
To remove W32.Simouk, you need to download the ‘No Adware’ remover software. Based on our testing, this was the best-performing remover of W32.Simouk.

Technical Details:

When the virus is executed, it creates one of the following files for every file it infects:

* %CurrentFolder%\[INFECTED FILE NAME].url
* %CurrentFolder%\[INFECTED FILE NAME].msi

It then infects executable files found on the compromised computer by encrypting and moving 32,768 bytes of the host executable data into a separate file with the name [INFECTED FILE NAME].url in the current directory. It then writes itself into the first 28,672 bytes of the host file.

When an infected file is executed, it looks for the following file:
%CurrentFolder%\[INFECTED FILE NAME].url

It then copies the current file [INFECTED FILE NAME].exe to [INFECTED FILE NAME].exe.lnk.

It reads the [INFECTED FILE NAME].url file and decodes the encrypted host file, writing it to [INFECTED FILE NAME].exe.lnk.

It then launches the file in an attempt to disguise itself.
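
The file artifacts described above can be checked for when triaging a folder. The following Python sketch is an added example, not part of the original write-up: it flags any .exe that has a sibling .url or .msi file lacking the structure of a genuine file of that type, or a sibling .exe.lnk file that is really a PE image. The function names, the sample file names and the structure checks are assumptions of this example.

```python
import tempfile
from pathlib import Path

OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # genuine .msi files are OLE compound files

def head(path, n=512):
    with open(path, "rb") as f:
        return f.read(n)

def looks_genuine(side):
    """Assumed heuristic: does the side file have the structure its extension promises?"""
    if side.suffix.lower() == ".url":
        return b"[InternetShortcut]" in head(side)  # real shortcuts are INI text
    return head(side).startswith(OLE_MAGIC)

def triage(folder):
    """Map each suspicious .exe name to the artifacts found beside it."""
    findings = {}
    for exe in sorted(Path(folder).iterdir()):
        if not exe.is_file() or exe.suffix.lower() != ".exe":
            continue
        reasons = []
        for ext in (".url", ".msi"):  # side file holding the moved host bytes
            side = exe.with_suffix(ext)
            if side.is_file() and not looks_genuine(side):
                reasons.append(f"{side.name}: not a genuine {ext} file ({side.stat().st_size} bytes)")
        lnk = exe.with_name(exe.name + ".lnk")  # decoded host copy
        if lnk.is_file() and head(lnk, 2) == b"MZ":
            reasons.append(f"{lnk.name}: PE image under a .lnk name")
        if reasons:
            findings[exe.name] = reasons
    return findings

def build_sample(folder):
    """Constructed sample data: app.* carries the artifacts, tool.* is clean."""
    d = Path(folder)
    (d / "app.exe").write_bytes(b"MZ" + bytes(62))
    (d / "app.url").write_bytes(bytes(range(256)) * 128)  # 32,768 opaque bytes
    (d / "app.exe.lnk").write_bytes(b"MZ" + bytes(62))
    (d / "tool.exe").write_bytes(b"MZ" + bytes(62))
    (d / "tool.url").write_text("[InternetShortcut]\nURL=https://example.com/\n")
    (d / "tool.exe.lnk").write_bytes(bytes.fromhex("4c000000") + bytes(72))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for name, reasons in triage(tmp).items():
            print(name, *reasons, sep="\n  ")
```

A hit is a lead for further analysis rather than a verdict, since the checks only test whether the side files match their extensions.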

It then connects to a remote host and, once connected, attempts to download any of the following items:

* Additional configuration file
* Additional malware
* An updated version of itself

Note: The remote host may be the following domain:
easycf.51.net

Action Steps:
FREE SCAN: NoAdware can remove W32.Simouk. Click the link below for your free download and scan your PC now.

Please click here for manual removal instructions.