W32.HLLW.Torvel - yourwin.bat (B)

tasklist.org		A comprehensive list of processes running in your computer
		tasklist \| attachlist

bookmark this website!		total tasks: 16297

AttachList is a list of email attachment files that viruses usually send in email. It contains the attached file names, typical subjects and messages, the name of the viruses that send them, and instruction on how to remove these viruses.

most requested

Browse attachlist by file name:

| a | b | c | d | e | f | g | h | i | j | k | l | m | n | o | p | q | r | s | t | u | v | w | x | y | z |

Name: W32.HLLW.Torvel

Sender:

Varies.  May be spoofed.

Subject:

congratulations! (B)
darling (B)
Do not release, its the internal rls! (B)
Documents (B)
FW:
Have a look the Pic attached !!
Hello,
here's a nice Picture (B)
here's the archive you requested (B)
here's the document (B)
here's the document you requested (B)
here is a nice Picture
here is the document
here is the document you requested
here is the document that you had requested.
Hi,
New Internal Rls... (B)
Next Critical Vulnerability Patch
Pr0n! (B)
RE:
Returned mail-- ( B)
(security@microsoft.com)
(security@securityfocus.com)
The following mail can't be sent to
The file is the original mail
Undeliverable mail-- ( B)
Use this patch immediately !
Your Account at Info@(FakeDomain) has expired.

Message:

Hello,
You should apply this fix which solves the newest Internet Explorer
Vulnerability described in MS05-023. It's important that you apply the
fix now sincewe estimate the Buffer Overflow is at a Critical Level.
Sincerely Yours The
Security Team

Attachment:

attachment.zip (B)
document.doc.pif (B)
document1.doc.pif (B)
document.pif
flt-ixb23.zip (B)
flt-xb5.rar.pif (B)
funny_guy.pif
her_details.pif
message.zip (B)
movie0045.pif
probsolv.doc.pif (B)
Q723523_W9X_WXP_x86_EN.exe ( B)
readit.doc.pif (B)
sexinthecity.scr (B)
sexy.jpg (B)
thank_you.pif
torvil.pif ( B)
wicked_screensaver.scr
win$hitrulez.pif (B)
yourwin.bat (B)

Comments: A worm that spreads itself through Microsoft Outlook, Outlook Express, and throughfile-sharing networks.

Symptoms:


 Copies itself to %Windir%Spoolos.exe. 
 Adds the value: 
 "Service Host" = "%windir%spoolos.exe" 
 to the registry key: 
 KEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun 
 so that the worm runs when you start Windows.

Recommended Cleanup Software: We found that Easy SpyRemover is the most effective tool for removing this file.

Manual Removal Instructions: Disable System Restore (Windows Me/XP).
Update the virus definitions.
Run a full system scan and delete all the files detected as W32.HLLW.Torvel@mm.
Delete the value that was added to the registry.