Also detected as:
The following entries or keys in your registry can indicate that you have this threat on your PC:
In subkey: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\s3svcSets value: "EventMessageFile" With data: "<Malware File>"
In subkey: HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\s3svcSets value: "TypesSupported" With data: "0x00000007" (REG_DWORD)
Windows Defender detects and removes this threat.
This threat sends spam email messages. It connects to a specific IP address to get commands and settings, which it uses for its spamming activity.
Find out ways that malware can get on your PC.
Use the following free Microsoft software to detect and remove this threat:
You should also run a full scan. A full scan might find hidden malware.
You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help.
If you’re using Windows XP, see our Windows XP end of support page.
This threat is a spammer Trojan. It connects to the following IP address to retrieve commands and settings that it uses for its spamming activity:
From the said IP address, it can:
We have seen this threat use the following SMTP servers to send out spam:
It adds itself as a service by adding the following registry entries:
Analysis by Francis Tan Seng
Take these steps to help prevent infection on your PC.
I want to...
Note: Your feedback is very important to us, however we do not respond to individual submissions through this channel.
If you require support, please visit the
Safety & Security Center.