Archive for the 'Virus' Category

How to remove the desktop.sysm or W32.Azero.A infection

Friday, July 25th, 2008

The W32.Azero.A infection is a virus that infects .exe files so that, when they are run, they go on to infect other .exe files. When such a .exe file is run, the virus creates the following files:

  • %System%\Windows 3d.scr
  • %System%\commandprompt.sysm
  • %System%\desktop.sysm
  • %UserProfile%\application data\Microsoft\[4 RANDOM LETTERS].exe

It also creates the following folders:

  • %UserProfile%\applications data\excel
  • %UserProfile%\applications data\media player
  • %UserProfile%\applications data\Microsoft
  • %UserProfile%\applications data\office
  • %UserProfile%\applications data\Windows
  • %UserProfile%\applications data\word

It then creates the following Windows Registry entry so that it starts automatically when the computer boots up:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"VisualStyle" = "%System%\desktop.sysm"

When a computer is infected with this virus, the user will find that it runs slower than normal and tends to crash.

Automatic Removal Method

If you are infected with this malware, we suggest you use Symantec Antivirus to remove the infection. The current definitions for Symantec Antivirus contain methods of removing this virus.

Download Symantec Antivirus to scan your computer for free

Manual Removal Instructions for

End these processes:

Learn how to end processes

desktop.sysm


Delete these files:

Learn how to remove files

  • %System%\Windows 3d.scr
  • %System%\commandprompt.sysm
  • %System%\desktop.sysm
  • %UserProfile%\application data\Microsoft\[4 RANDOM LETTERS].exe

Remove these Registry keys:

Learn how to remove Windows Registry entries

Warning: Editing the Windows Registry incorrectly can cause problems with your computer that may cause it not to operate correctly.  Please edit the Registry only if you know what you are doing.  Otherwise, please use the automated removal method above.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"VisualStyle" = "%System%\desktop.sysm"
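
To confirm which of the items above are present before removal, and that none remain afterwards, the following report-only PowerShell check can be used. It is an added example, not part of the original post or any vendor tool; it assumes %System% means the Windows system directory and uses the file, folder and registry names exactly as listed above.

```powershell
# Added example: report-only check for the W32.Azero.A indicators listed on this page.
# Nothing is deleted or modified. Assumption: %System% is the Windows system directory.
$sys      = [Environment]::SystemDirectory
$prof     = $env:USERPROFILE
$findings = @()

# Files listed under "Delete these files"
foreach ($name in 'Windows 3d.scr', 'commandprompt.sysm', 'desktop.sysm') {
    $f = Join-Path $sys $name
    if (Test-Path -LiteralPath $f -PathType Leaf) {
        $findings += [pscustomobject]@{ Type = 'File'; Item = $f }
    }
}

# "[4 RANDOM LETTERS].exe": exactly four letters followed by .exe
$dropDir = Join-Path $prof 'application data\Microsoft'
Get-ChildItem -LiteralPath $dropDir -Filter '*.exe' -Force -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer -and $_.Name -match '^[A-Za-z]{4}\.exe$' } |
    ForEach-Object { $findings += [pscustomobject]@{ Type = 'File'; Item = $_.FullName } }

# Folders the virus creates (path spelled as on this page)
foreach ($name in 'excel', 'media player', 'Microsoft', 'office', 'Windows', 'word') {
    $d = Join-Path $prof "applications data\$name"
    if (Test-Path -LiteralPath $d -PathType Container) {
        $findings += [pscustomobject]@{ Type = 'Folder'; Item = $d }
    }
}

# Autostart value "VisualStyle" under the Run key
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -LiteralPath $runKey -Name 'VisualStyle' -ErrorAction SilentlyContinue
if ($run) {
    $findings += [pscustomobject]@{ Type = 'Registry'; Item = "$runKey\VisualStyle = $($run.VisualStyle)" }
}

# Running process whose image is desktop.sysm (matched on path, since the extension is not .exe)
Get-Process | Where-Object { $_.Path -like '*\desktop.sysm' } |
    ForEach-Object { $findings += [pscustomobject]@{ Type = 'Process'; Item = "PID $($_.Id) $($_.Path)" } }

if ($findings) { $findings | Format-Table -AutoSize }
else { 'No W32.Azero.A indicators from this page were found.' }
```

A four-letter .exe name can belong to legitimate software, so review each hit before deleting it. Because the virus infects other .exe files, an empty report does not show that those files are clean; a full antivirus scan is still needed.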