Click on screenshot to zoom
Danger level 8
Type: Worms

Worm.Phorpiex.A

There are many threats facing healthy PCs the world over, and it is impossible to protect your against threats such as Worm.Phorpiex.A and similar without some type of help. That is why it is crucially important to continually update your PC protection software. Worm.Phorpiex.A in particular is a nasty worm with backdoor capabilities which spreads via removable drives from one system to another, as well as popular instant messaging applications such as Windows Live Messenger.

Because Worm.Phorpiex.A’s actions are performed completely in the system’s background, as well as its devious infiltration methods the user will find it difficult to detect and remove Worm.Phorpiex.A from the system. The following files on the system will indicate the presence of Worm.Phorpiex.A on the PC:

%ALLUSERSPROFILE%\Microsoft-Driver-1-82-8475-5627-5645\winrsvn.exe
:\winrsdrv32.exe

Download Spyware Removal Tool to Remove* Worm.Phorpiex.A
  • Quick & tested solution for Worm.Phorpiex.A removal.
  • 100% Free Scan for Windows

And the presence of the following registry modifications:

In subkey: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\
Sets value: "Microsoft® Update Service"
With data: "%ALLUSERSPROFILE%\Microsoft-Driver-1-82-8475-5627-5645\winrsvn.exe"

Worm.Phorpiex.A will also try and entice users to users to download a picture over their instant messaging application, which seems like it is being sent from one of their trusted contacts. The body of the message reads as follows:

"tell me what you think of this picture i edited
this is the funniest photo ever!
tell me what you think of this photo
t think i will ever sleep again after seeing this photo
i cant believe i still have this picture of you from last winter
should i make this my default picture?
my parents are going to kill me if they find this picture"

It is clear from the above message that this is a ploy from Worm.Phorpiex.A to get its prospective victims to execute a file which carries its infection. Once the worm is executed, it will create a mutex on the system, "J9Zf6Fe67fZTFt", to ensure that only one copy of the worm is running on the system. It will copy itself to this location on the system, and then executes that copy:

%ALLUSERSPROFILE%\Microsoft-Driver-1-82-8475-5627-5645\winrsvn.exe

The worm will also copy itself to removable drives with ‘hidden’ and ‘system’ attributes, such as the following illustrates:

:\winrsdrv32.exe

At the end of the day it will be quite impossible to protect your system against this worm and similar threats if you attempt to go at it alone. Make use of the removal power of a genuine security tool, which will annihilate Worm.Phorpiex.A from the system but also protect the PC against similar future attacks and threats.

Download Spyware Removal Tool to Remove* Worm.Phorpiex.A
  • Quick & tested solution for Worm.Phorpiex.A removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Worm.Phorpiex.A

Files associated with Worm.Phorpiex.A infection:

CFX.exe
newdnswatch.exe
api-ms-win-core-memory-l1-1-032.dll
winsvc.exe
winvns.exe
MediaPlayerSetup.exe
winsvn.exe
adobearp.exe
libreal.exe
winmgr.exe
wincrs.exe
csrss.exe
winvns.exe
winsvc.exe
newdnswatch.exe
MediaPlayerSetup.exe
libreal.exe
CFX.exe
api-ms-win-core-memory-l1-1-032.dll
adobearp.exe
winsvn.exe

Worm.Phorpiex.A DLL's to remove:

api-ms-win-core-memory-l1-1-032.dll

Worm.Phorpiex.A processes to kill:

CFX.exe
winsvc.exe
winvns.exe
libreal.exe
winsvn.exe
MediaPlayerSetup.exe
adobearp.exe
newdnswatch.exe
winmgr.exe
wincrs.exe
csrss.exe
winvns.exe
winsvc.exe
newdnswatch.exe
MediaPlayerSetup.exe
libreal.exe
CFX.exe
adobearp.exe
winsvn.exe
winsvn.exe
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.