The Malware Dictionary

The Latest Computer Adware, Spyware, and Virus Info!

Computer Worms – Faizal.JS

Tags: , , , , , , , ,

Faizal.JS Computer Worm Description

Faizal is a computer worm based on Javascript. It will attempt to copy itself to all drives on your computer after successful infection.  The best means to prevent infection by the Faizal javascript worm is to run up-to-date antivirus and antispyware protection on your computer.How the Faizal.JS Computer Worm Infects Your Computer?

Faizal can spread to your computer through a number of methods. The majority of antivirus programs will detect the worm if left activated and updated. If you do not run active computer security protection, it can spread through opening infected media files, as a payload of a Trojan virus, or through visiting malicious websites.

Faizal.JS Computer Worm MalwarePayload

Once the Faizal worm has infected your computer, it will create the following file: %System%\faizal.js. It will then modify your registry so that it will run when you restart your computer. After this phase of the infection is complete, Faizal will then attempt to copy itself to all drives connected to your computer.
Faizal.JS Computer Worm Malware Processes and Files

The registry entry made by Faizal to run on Windows restarting is:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”faizal” = “wscript.exe C:\WINDOWS\system32\faizal.js”

Faizal will also make the following registry entries or modifications on your computer:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinLogon\”LegalNoticeCaption” = “FAIZAL”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinLogon\”LegalNoticetext” = “You have been infected by FAIZAL virus”

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives\”ShowSuperHidden” = “0″

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\”Window Title” = “faizal”

After modifying your computer’s registry, Faizal will then attempt to copy itself to each drive on your computer. The files copied are:

%DriveLetter%\AutoRun.inf
%DriveLetter%\faizal.jsFaizal.JS Computer Worm Basic Removal Steps

The Faizal.JS Computer Worm is complex and it is not recommended to attempt manual removal. Automatic removal using an updated anti-virus program is the recommended means for removal.

Share and Enjoy:
  • Print
  • Digg
  • Sphinn
  • Propeller
  • Yahoo! Buzz
  • del.icio.us
  • Facebook
  • Mixx
  • Google Bookmarks
  • FriendFeed
  • Twitter

Related posts:

  1. W32.Allaple Computer Malware – Worm W32.Allaple Computer Malware – Worm Description w32 allaple is a...
  2. Win32.Antinny Computer Worm Win32.Antinny Computer Worm Description Win32 Antinny is a p2p worm...
  3. W32.Bobax Computer Worm W.32 Bobax Computer Worm W.32 Bobax is a type of...
  4. Win32.Kelvir Computer Worm Win32.Kelvir Computer Worm Description Kelvir is an Instant Messenger (IM)...
  5. How Does a Computer Worm Work? Computer worms are made to infect other computers through using...

Related posts brought to you by Yet Another Related Posts Plugin.

Tags: , , , , , , , ,

Leave a Reply

Main Menu

    Translate to:

    Powered by Google Translate.

Malware Dictionary Friends

Recent Posts

© 2009 The Malware Dictionary. All Rights Reserved.

This blog is powered by Wordpress and Magatheme by Bryan Helmig.