regsvr.exe / rundll.exe / ‘Microsoft CorpAration’ virus details & heal uploaded

It has been quite a few days. People have been reporting this new virus. Thanks to Muthu Kumar, who sent me the virus file so I could work out the heal.

I really like this virus. It creates a lot of files and makes a lot of registry changes. Finding the solution was really challenging. It is built with AutoIt, version unknown. The latest Kaspersky update does not detect this virus unless it is scanned thoroughly.

not-a-virus:Monitor.Win32.007SpySoft.q -> rundll.exe
Worm.Win32.AutoIt.s -> regsvr.exe

The “Microsoft Corparation” tag is really confusing. Mind it, it’s Corp’a’ration, not Corp’o’ration … he he

I won’t say my heal is totally complete; there is still some more work I’m supposed to do with it, probably to fix some more registries that I still know what they do. Overall, my heal will end-task the virus files and restore most of the registries.

This virus/trojan keeps a complete watch on the system by taking snapshots every 30 seconds. Suppose you have this virus for 30 days, just think how much space it will eat. lol

Like other recent viruses, this one also creates an exe file inside every folder, named after the parent folder (BUT only on removable drives, this is what I found). It spreads via pen drives, leaving regsvr.exe, New Folder.exe and autorun.inf files in the root directory of the pen drive and other <folder named> files inside.
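
The pen-drive artifacts described above can be checked for with a short script. This is an added example, not the heal tool from this post. It assumes "named after the parent folder" means a folder "Photos" gains "Photos.exe", and the sample tree and autorun.inf contents are constructed placeholders.

```python
import os
import tempfile

# Names the post reports in the root of an infected pen drive.
ROOT_INDICATORS = {"regsvr.exe", "new folder.exe", "autorun.inf"}

def autorun_targets(path):
    """Return the commands an autorun.inf asks Windows to launch."""
    targets = []
    with open(path, encoding="latin-1") as fh:
        for line in fh:
            key, sep, value = line.partition("=")
            key = key.strip().lower()
            if sep and (key in ("open", "shellexecute") or key.endswith("\\command")):
                targets.append(value.strip())
    return targets

def scan_drive(root):
    """Scan a mounted removable drive and return a dict of findings."""
    findings = {"root_files": [], "folder_named_exes": [], "autorun_targets": []}
    for name in sorted(os.listdir(root)):
        full = os.path.join(root, name)
        if os.path.isfile(full) and name.lower() in ROOT_INDICATORS:
            findings["root_files"].append(name)
            if name.lower() == "autorun.inf":
                findings["autorun_targets"] = autorun_targets(full)
    for dirpath, _dirs, files in os.walk(root):
        if dirpath == root:
            continue
        # Assumed reading of the post: folder "Photos" gains "Photos.exe".
        expected = os.path.basename(dirpath).lower() + ".exe"
        for name in files:
            if name.lower() == expected:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                findings["folder_named_exes"].append(rel)
    findings["folder_named_exes"].sort()
    return findings

def build_sample_drive():
    """Constructed sample tree: empty placeholder files, made-up autorun.inf."""
    root = tempfile.mkdtemp(prefix="pendrive_")
    os.makedirs(os.path.join(root, "Photos", "Trip"))
    for rel in ("regsvr.exe", "New Folder.exe", "notes.txt",
                os.path.join("Photos", "Photos.exe"), os.path.join("Photos", "a.jpg"),
                os.path.join("Photos", "Trip", "Trip.exe")):
        open(os.path.join(root, rel), "w").close()
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write("[autorun]\nopen=regsvr.exe\nshell\\open\\command=regsvr.exe\n")
    return root

if __name__ == "__main__":
    print(scan_drive(build_sample_drive()))
```

Point scan_drive at the mount point or drive letter of the pen drive; a legitimate file can share one of these names, so treat hits as leads to inspect.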

So here is the solution…


64 Responses to “regsvr.exe / rundll.exe / ‘Microsoft CorpAration’ virus details & heal uploaded”

  1. pranav Says:

    I’ve got a new problem.

    In one of my friend’s computers I found that the system folders and some other folders were hidden. So I tried to set these files to be visible using folder options. Everything went fine till I clicked apply and ok. But even then I found that system and hidden folders remain hidden. When I opened folder options again I found that the show system folders and the show hidden files options remain unchecked. I’ve tried several times but haven’t been able to unhide these hidden folders. Does anyone know what’s wrong with his system?

  2. parker Says:

    I think this is the virus r office computer has… The problem is that we can’t even access anything except hp system recovery which isn’t helping a bit. Is there anything we can do to at least transfer r business files to a geek stick… Please help

  3. japz Says:

    hi Piyush,

    Is your blog regarding this topic incomplete? “regsvr.exe / rundll.exe / ‘Microsoft CorpAration’ virus details & heal uploaded”

    Coz after “So here is the solution…” I can’t see steps or solution abt. it

    I need to read the solution/steps u’ve done to fix the problem coz I’m experiencing the same 😦

    Hope you could send it to my email

    Thanks in Advance!
