Home / Parasites / Worms / Worm.Rorpian
Click on screenshot to zoom
Danger level 6
Type: Worms
Common infection symptoms:
  • Annoying Pop-up's
  • Connects to the internet without permission
  • Installs itself without permissions
  • Slow Computer
  • Slow internet connection

Worm.Rorpian

The Worm.Rorpian threat forms part of a family of worms which are capable of spreading through a network shared by various computers by exploiting vulnerabilities such as the Domain Name System Server Service vulnerability. This worm will ultimately download and execute additional malware to the system.

This worm was first detected on March 19, 2011. Because of its surreptitious infiltration of the system, users will find it difficult to detect and remove Worm.Rorpian from the system. However the presence of the following files on the system will be a clear indication of Worm.Rorpian’s presence on the system:

%TEMP%\srv950.tmp
%TEMP%\srv864.tmp
%TEMP%\srv950.ini
%TEMP%\srv864.ini
setup.fon
setup.lnk
myporno.avi.lnk
pornmovs.lnk
autorun.inf

Once Worm.Rorpian roots itself successfully into the system, it will copy itself into the Temp folder on the system using the file name in the format of srv.tmp. As an example of this:

%TEMP%\srv950.tmp
%TEMP%\srv864.tmp

This worm will also edit registry entries so that it can execute each time the user logs on to Windows. Worm.Rorpian spreads by infiltrating all network shares and copying itself in the network shares, as well as copying other malicious files.

Worm.Rorpian will download and execute more malicious files. It does this by contacting a particular I.P address, downloading files to the Windows Temp folder and then executing the harmful files. It does this by connecting to the following URLs:

http:////srv
http:///service/listerner.php?affid=
http:////dll
http:///service/scripts/files/aff_.dll
http:///soft/installer_m_.exe

Some of the reported threats and malware Worm.Rorpian has been observed as downloading to the compromised PC include
Win32/Alureon and
Rogue:Win32/FaeRean

In order to protect your PC against the severe damage this rogue will cause, destroy Worm.Rorpian with the help of a powerful and genuine security tool. This will not only erase Worm.Rorpian for good but will also contribute to adequately protecting your system against similar attacks in future.

Download Spyware Removal Tool to Remove* Worm.Rorpian
  • Quick & tested solution for Worm.Rorpian removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Worm.Rorpian

Files associated with Worm.Rorpian infection:

mexcore4.jpg
XvidSetup.exe
igfxwt32.exe
advapi32wow.exe
xregew.exe
wna113.exe
Protect.exe
msnat777f.exe
mfefire.exe
lsass.exe
lbstkbe.exe
knruxa.exe
iagu.exe
api-ms-win-core-errorhandling-l1-1-032.dll
Ahh.exe

Worm.Rorpian DLL's to remove:

api-ms-win-core-errorhandling-l1-1-032.dll

Worm.Rorpian processes to kill:

XvidSetup.exe
igfxwt32.exe
advapi32wow.exe
xregew.exe
wna113.exe
Protect.exe
msnat777f.exe
mfefire.exe
lsass.exe
lbstkbe.exe
knruxa.exe
iagu.exe
Ahh.exe
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
 This is a captcha-picture. It is used to prevent mass-access by robots.

 
© 2006-2024 pcthreat.com  |  Terms of use |  Privacy policy |  About us |  Link to US