Worm:Win32/Vormus.A
Detected by Microsoft Defender Antivirus
Aliases: Win32/Markadoo.A (CA), Worm.Win32.AutoRun.aawz (Kaspersky), Win32/AutoRun.VB.BT (ESET), :W32/Sapo.A.worm (Panda)
Summary
Worm:Win32/Vormus.A is a worm that spreads via removable drives. It modifies system settings, for example by disabling Control Panel, the Command Prompt, Task Manager, and Registry editing tools.
Manual removal is not recommended for this threat. To detect and remove this threat and other malicious software that may have been installed, run a full-system scan with an up-to-date antivirus product such as the Microsoft Safety Scanner (http://go.microsoft.com/fwlink/?LinkId=212742). For more information, see http://www.microsoft.com/protect/computer/viruses/vista.mspx.
Enabling Registry Editor
This threat may modify the system to prevent Registry Editor from running. To reverse this effect on your system, please do the following:
- Run a command prompt. Click Start>Run and type cmd.
- In the command prompt, type the following as is and press Enter:
  reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools /t REG_DWORD /d 0 /f
- Type exit at the command prompt.
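The same check can be run from PowerShell for all four tools named in the Summary. This is an added example, not part of the original entry. Only DisableRegistryTools is named on this page; the value names DisableTaskMgr, NoControlPanel and DisableCMD are the standard Windows policy values for those tools and are assumed here, as is the function name Get-ToolRestriction.

```powershell
# Added example: audit the current user's hive for policy values that disable
# built-in administration tools, and optionally set them back to 0.
# Only DisableRegistryTools is named on this page; the other three value names
# are assumptions (the standard Windows policy values for those tools).
function Get-ToolRestriction {
    param(
        # When set, every restricting value found is written back as DWORD 0,
        # the same data the reg.exe command above writes.
        [switch]$Reset
    )

    $policies = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'
    $checks = @(
        @{ Tool = 'Registry Editor'; Path = "$policies\System";   Name = 'DisableRegistryTools' },
        @{ Tool = 'Task Manager';    Path = "$policies\System";   Name = 'DisableTaskMgr' },
        @{ Tool = 'Control Panel';   Path = "$policies\Explorer"; Name = 'NoControlPanel' },
        @{ Tool = 'Command Prompt';  Path = 'HKCU:\Software\Policies\Microsoft\Windows\System'; Name = 'DisableCMD' }
    )

    foreach ($c in $checks) {
        # A missing key or missing value means no restriction is configured.
        $data = $null
        if (Test-Path -LiteralPath $c.Path) {
            $item = Get-ItemProperty -LiteralPath $c.Path -Name $c.Name -ErrorAction SilentlyContinue
            if ($null -ne $item) { $data = $item.($c.Name) }
        }

        $restricted = ($null -ne $data) -and ($data -ne 0)
        $wasReset = $false
        if ($restricted -and $Reset) {
            Set-ItemProperty -LiteralPath $c.Path -Name $c.Name -Value 0 -Type DWord
            $wasReset = $true
        }

        [pscustomobject]@{
            Tool       = $c.Tool
            Key        = $c.Path
            ValueName  = $c.Name
            Data       = $data
            Restricted = $restricted
            Reset      = $wasReset
        }
    }
}

# Report only. Use "Get-ToolRestriction -Reset" to clear what was found.
Get-ToolRestriction | Format-Table Tool, ValueName, Data, Restricted, Reset -AutoSize
```

A non-zero value can also come from legitimate Group Policy, so on a managed machine confirm the setting is unexpected before resetting it.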
Reversing System Changes
This threat may make lasting changes to an affected system’s configuration that will NOT be restored by detecting and removing this threat. For more information on returning an affected system to its pre-infected state, please see the following articles:
- Enabling Task Manager: http://windowshelp.microsoft.com/Windows/en-us/help/28500b59-2acf-4fcf-8743-393c91915de81033.mspx
- For other support and help related articles, go to:
- Windows Vista: http://support.microsoft.com/ph/11732#tab0
- Windows XP: http://support.microsoft.com/ph/1173#tab0
- Microsoft Security TechNet Center: http://technet.microsoft.com/security/default.aspx