Worm.Helompy.A

Worm.Helompy.A is a computer infection that can replicate itself inside the infected system and then spread from one computer to another using various means of distribution. Usually, things like Worm.Helompy.A are delivered from one system to another via removable storage devices such as USB flash drives, or through network drives. The worm gets inside the system by exploiting certain system vulnerability. Worm.Helompy.A can also “travel” from one system to another through platforms, especially if they need an interaction in order to run. Worms are commonly found in spam email attachments or links in spam messages delivered by instant messenger programs.

The most obvious proof of this infection is lsass.exe file running in Windows Task Manager. Do not be confused though. There is also the Local Security Authentication Server process that is called the same and is absolutely legal; however, Worm.Helompy.A copies itself as lsass.exe into C:\win\lsass.exe directory, while the legitimate file in System32 folder. What is more, Worm.Helompy.A adds a subkey into the registry that allows it execute the malicious file whenever the users turns on the computer. Besides the subkey, the worm is known to create other files in the computer: 1.exe, aut7.tmp, names.txt etc.

Once Worm.Helompy.A settles into the system it changes the Internet Explorer settings making the browser start in online mode. Then the worm can connect to a remote server at peradjoka.t35.com and receive configuration data from the hacker responsible for this infection. In a sense Worm.Helompy.A shows features of a Trojan behavior, because after it connects to the remote host it can easily download and execute various files. It can be updates to the worm itself or other malware that will completely cripple your computer. Not to mention that Worm.Helompy.A will also send various data from your computer away to the remote server, breaching your privacy.

Due to the fact that this dangerous infection is hard to remove manually unless you are a computer expert, users are advised to terminate Worm.Helompy.A with a trustworthy computers safeguard program, that will also make sure the worm cannot regenerate again.