Worm.Morto.D

Worm.Morto.D is a malicious computer infection or a worm that enters target systems in order to spread the main Morto payload that it downloads from a remote server. Just from this fact we can tell that Worm.Morto.D can easily connect to the Internet without the user’s knowledge and perform various operations that in the longer run can seriously damage the computer system, even though originally worms do not infect system files.

The Worm.Morto.D file by itself is a DLL file that is responsible for executing the payload prepared by the hacker who has devised the whole infection plan. This worm actually makes use of the Windows system, because upon the installation it drops a file called clb.dll into the system. Note that there is a legitimate system file called “clb.dll” as well, and since there is a specific order according to which the files are searched for and run in Windows, the clb.dll file that belongs to Worm.Morto.D is run instead of the real file, thus allowing the infection to settle down in the system.

From there Worm.Morto.D is looking for a way to spread onto other computers as well. It checks the network and looks for computers that are connected through RDP sessions (Remote Desktop service) and notes down all the IP addresses that can be found in the infected computer’s subnet, so that Worm.Morto.D could connect to those computers using specific usernames and passwords.

While Worm.Morto.D is trying to spread further on, it also downloads and installs additional components on the infected computer and once everything is set then the worm receives commands from a remote server to perform a Denial of Service (DoS) attack against specific servers and websites. Also, in order to prolong its stay in the computer Worm.Morto.D terminates processes that are related to security programs, including ACAAS, AvastSvc, mcshield, scanwscs and so on. In additional to that the worm removes such system event logs as Security log and System log.

Since this infection can cause a lot of damage not only system, but also network-wise, you have to remove Worm.Mordo.D from your computer without further ado. Manual worm removal is recommended only for experienced computer users, because such infection perpetrates deep into the system and there are a lot system files that you have to deal with in order to terminate the malicious application. Therefore, acquire a powerful security tool and erase Worm.Mordo.D automatically as soon as possible.