Remove W32.Pilleuz.B

Posted on: January 26th, 2010

Discovered: January 19, 2010
Updated: January 19, 2010 5:21:37 PM
Type: Worm
Systems Affected: Windows 98, Windows 95, Windows XP, Windows Me, Windows Vista, Windows NT, Windows Server 2003, Windows 2000
Recommended Action:
To remove W32.Pilleuz.B, download the ‘No Adware’ remover software. Based on our testing, this was the best-performing remover of W32.Pilleuz.B. Read our full No Adware Review.


Technical Details:
When the worm is executed, it creates the following files:

* %SystemDrive%\RECYCLER\[SID]\nissan.exe

* %SystemDrive%\RECYCLER\[SID]\Desktop.ini

* %DriveLetter%\RECYCLER\[SID]\csrxx.exe (W32.IRCBot)

* %DriveLetter%\SLATKO\torta.exe

* %DriveLetter%\SLATKO\Desktop.ini

* %DriveLetter%\autorun.inf

It then creates the following registry entry, so that it starts when Windows starts:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Taskman" = "C:\RECYCLER\[SID]\nissan.exe"

The worm then opens a back door and connects to the following domains on UDP port 25000:

* sandra.prichaonica.com

* pica.banjalucke-ljepotice.ru

* l33t.brand-clothes.net

The worm also copies itself to the shared folder of the following file-sharing programs:

* Ares

* BearShare

* iMesh

* Shareaza

* Kazaa

* DC++

* eMule

* LimeWire

It then monitors browsing activities, logging passwords stored in the browsers.

The worm will send messages through Microsoft instant messaging programs, such as MSN Messenger and Windows Live Messenger, that include a link to download the worm.
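
The file, registry and network indicators listed above can be matched against host telemetry. The following is an added example, not part of the original write-up: the event dictionary layout, the sample SID and the strong/weak split are assumptions of this example.

```python
import re

# Indicators come from the write-up; [SID] and the drive letter vary per host.
BIN = r"^[A-Z]:\\RECYCLER\\S-1-[\d-]+\\"
STRONG_FILES = [re.compile(p, re.I) for p in (
    BIN + r"(nissan|csrxx)\.exe$",
    r"^[A-Z]:\\SLATKO\\(torta\.exe|Desktop\.ini)$")]
# Assumption of this example: these names also occur on clean systems (a real
# recycle bin holds a Desktop.ini, removable media often carry an autorun.inf).
WEAK_FILES = [re.compile(p, re.I) for p in (
    BIN + r"Desktop\.ini$", r"^[A-Z]:\\autorun\.inf$")]
WINLOGON = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
TASKMAN_DATA = re.compile(BIN + r"nissan\.exe$", re.I)
C2_DOMAINS = {"sandra.prichaonica.com", "pica.banjalucke-ljepotice.ru",
              "l33t.brand-clothes.net"}

def classify(ev):
    """Return 'strong', 'weak' or None for one event dict."""
    if ev["type"] == "file":
        if any(p.match(ev["path"]) for p in STRONG_FILES):
            return "strong"
        if any(p.match(ev["path"]) for p in WEAK_FILES):
            return "weak"
    elif ev["type"] == "registry":
        if (ev["key"].lower() == WINLOGON.lower() and ev["value"].lower() == "taskman"
                and TASKMAN_DATA.match(ev["data"].strip('"'))):
            return "strong"
    elif ev["type"] == "net" and ev["host"].lower().rstrip(".") in C2_DOMAINS:
        # The documented channel is UDP 25000; other traffic to these names is weaker.
        return "strong" if (ev["proto"], ev["port"]) == ("udp", 25000) else "weak"
    return None

def triage(events):
    """Group matching events by strength of evidence."""
    hits = {"strong": [], "weak": []}
    for ev in events:
        if (level := classify(ev)):
            hits[level].append(ev)
    return hits

# Constructed sample events, not real telemetry.
EX = r"C:\RECYCLER\S-1-5-21-1004336348-1177238915-682003330-1003" + "\\"
SAMPLE = [
    {"type": "file", "path": EX + "nissan.exe"},
    {"type": "file", "path": r"E:\autorun.inf"},
    {"type": "registry", "key": WINLOGON, "value": "Taskman", "data": EX + "nissan.exe"},
    {"type": "net", "host": "L33T.brand-clothes.net.", "proto": "udp", "port": 25000},
    {"type": "net", "host": "example.org", "proto": "udp", "port": 25000},
]
```

Calling `triage(SAMPLE)` returns the matching events grouped under `strong` and `weak`; a host with any strong hit warrants a closer look.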
