How to remove the desktop.sysm or W32.Azero.A infection

The W32.Azero.A infection is virus that infects .exe files so that when they are run they further infect other .exe files. When a .exe file is run the virus will create the following files:

%System%\Windows 3d.scr
%System%\commandprompt.sysm
%System%\desktop.sysm
%UserProfile%\application data\Microsoft\[4 RANDOM LETTERS].exe

It will then create the following folders:

It also creates the following folders:

%UserProfile%\applications data\excel
%UserProfile%\applications data\media player
%UserProfile%\applications data\Microsoft
%UserProfile%\applications data\office
%UserProfile%\applications data\Windows
%UserProfile%\applications data\word

It then creates the following Windows Registry entry so that it starts automatically when the computer boots up:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”VisualStyle” = “%System%\desktop.sysm”

When a computer is infected with this virus they will find that their computer runs slower than normal and tends to crash.

Automatic Removal Method

If you are infected with this malware, then we suggest you use Symantec Antivirus to remove this infection. The current definitions for Symantec Antivirus contains methods of removing this virus.

Download Symantec Antivirus to scan your computer for free

Manual Removal Instructions for

End these processes:

Learn how to end processes

desktop.sysm

Delete these files:
Lean how to remove files

%System%\Windows 3d.scr

%System%\commandprompt.sysm

%System%\desktop.sysm

%UserProfile%\application data\Microsoft\[4 RANDOM LETTERS].exe

Remove these Registry keys:

Learn how to remove Windows Registry entries

Warning: Editing the Windows Registry incorrectly can cause problems with your computer that may cause it not to operate correctly. Please edit the Registry only if you know what you are doing. Otherwise, please use the automated removal method above.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\”VisualStyle” = “%System%\desktop.sysm”

This entry was posted on Friday, July 25th, 2008 at 3:56 pm and is filed under Malware Removal Guide, Virus. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

4 Responses to “How to remove the desktop.sysm or W32.Azero.A infection”

G3n1k Says:
August 4th, 2008 at 9:16 pm
This virus hide an application extension (.exe, just exe), i had change the option in Task Manager to Show the extension, but stil not working.
this is so risk if another virus wich hide the ‘real’ extension ( virus.doc [long space here] .exe ) attack the computer or hide in portable USB stick.

how i fix/ show the application extension (.exe) ???
admin Says:
August 6th, 2008 at 5:57 pm
Open a folder and then click on Tools and then Folder options.

Click on the view tab and uncheck Hide file extensions.
ErZaZ Says:
October 25th, 2008 at 8:32 am
Saya, tidak menyadari bahwa ada virus yang aneh ini, bagaimana virus tersebut menyembunikan extensi exe?
Truzz Folder Option gak bisa di apply, kenapa ni?
Eh, virus kya gini bahaya ga ya?
tapi saya telah menghapus desktop.sysm dan commnadpromnt.sysmt
ada yang punya W32.Azero.A Remover ? tw Fixernya ya?
ErZaZ MaMenZ Says:
October 31st, 2008 at 2:51 am
Virus Ini Unik, jika kita menjalani program (.Exe) maka ia akan menggandakannya ke (%userprofilr%\Application data\Microsoft\*.exe ) komputer saya sudah dua minggu dan adakah yang mempunya program fixernya ?

PCBugSquad

Pages

Recent Posts

Categories

Blogroll

Meta