Computer Worms – Faizal.JS

Faizal.JS Computer Worm Description

Faizal is a computer worm based on JavaScript. After a successful infection, it attempts to copy itself to all drives on your computer. The best way to prevent infection by the Faizal JavaScript worm is to run up-to-date antivirus and antispyware protection on your computer.

How the Faizal.JS Computer Worm Infects Your Computer

Faizal can spread to your computer through a number of methods. Most antivirus programs will detect the worm if they are left active and kept up to date. If you do not run active security protection, the worm can reach your computer when you open infected media files, as the payload of a Trojan virus, or when you visit malicious websites.

Faizal.JS Computer Worm Malware Payload

Once the Faizal worm has infected your computer, it will create the following file: %System%\faizal.js. It will then modify your registry so that it will run when you restart your computer. After this phase of the infection is complete, Faizal will then attempt to copy itself to all drives connected to your computer.

Faizal.JS Computer Worm Malware Processes and Files

The registry entry Faizal creates so that it runs when Windows restarts is:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"faizal" = "wscript.exe C:\WINDOWS\system32\faizal.js"

Faizal will also make the following registry entries or modifications on your computer:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinLogon\"LegalNoticeCaption" = "FAIZAL"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WinLogon\"LegalNoticetext" = "You have been infected by FAIZAL virus"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives\"ShowSuperHidden" = "0"

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Window Title" = "faizal"

After modifying your computer’s registry, Faizal will then attempt to copy itself to each drive on your computer. The files copied are:

%DriveLetter%\AutoRun.inf
%DriveLetter%\faizal.js

Faizal.JS Computer Worm Basic Removal Steps

The Faizal.JS Computer Worm is complex and it is not recommended to attempt manual removal. Automatic removal using an updated anti-virus program is the recommended means for removal.
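
To confirm whether a machine shows the indicators listed above, the following read-only PowerShell check can be used; it is an added example, not part of the original article or any vendor tool. It uses the registry paths and file names exactly as this page gives them, and the assumption that a dropped AutoRun.inf mentions the worm's file name is labelled in the code.

```powershell
# Read-only triage for the Faizal.JS indicators listed in this article.
# Nothing is modified or deleted; the function only returns what it finds.
function Get-FaizalIndicator {
    $findings = @()

    # Registry values the article lists, with the data it says the worm writes.
    $regChecks = @(
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
           Name = 'faizal'; Pattern = 'faizal\.js' },
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WinLogon'
           Name = 'LegalNoticeCaption'; Pattern = '^FAIZAL$' },
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WinLogon'
           Name = 'LegalNoticetext'; Pattern = 'FAIZAL virus' },
        @{ Path = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
           Name = 'Window Title'; Pattern = '^faizal$' }
    )
    foreach ($check in $regChecks) {
        $name = $check.Name
        $item = Get-ItemProperty -Path $check.Path -Name $name -ErrorAction SilentlyContinue
        if ($null -ne $item -and [string]$item.$name -match $check.Pattern) {
            $findings += "Registry: $($check.Path)\$name = $($item.$name)"
        }
    }

    # Dropped copy in the system directory (%System%\faizal.js in the article).
    $systemCopy = Join-Path $env:SystemRoot 'System32\faizal.js'
    if (Test-Path -LiteralPath $systemCopy) { $findings += "File: $systemCopy" }

    # Copies on every mounted drive root, including removable media.
    foreach ($drive in (Get-PSDrive -PSProvider FileSystem)) {
        $copy = Join-Path $drive.Root 'faizal.js'
        if (Test-Path -LiteralPath $copy) { $findings += "File: $copy" }

        # AutoRun.inf also exists on legitimate media, so flag it only when it
        # mentions the worm's file name (assumption: the article does not show
        # the file's contents).
        $autorun = Join-Path $drive.Root 'AutoRun.inf'
        if ((Test-Path -LiteralPath $autorun) -and
            (Select-String -LiteralPath $autorun -Pattern 'faizal' -Quiet -ErrorAction SilentlyContinue)) {
            $findings += "File: $autorun references faizal"
        }
    }
    return $findings
}

$hits = @(Get-FaizalIndicator)
if ($hits.Count -eq 0) { 'No Faizal.JS indicators found.' } else { $hits }
```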
