Resolve For Alcra B Antivirus and Spyware for Windows

Resolve for Alcra-B description

A tool that removes W32/Alcra-B
Resolve is the name for a set of small, downloadable Sophos utilities designed to remove and undo the changes made by certain viruses, Trojans and worms.

They terminate any virus processes and reset any registry keys that the virus changed. Existing infections can be cleaned up quickly and easily, both on individual workstations and over networks with large numbers of computers.

W32/Alcra-B is a worm for the Windows platform.

W32/Alcra-B spreads via file sharing on P2P networks.

W32/Alcra-B includes functionality to download, install and run new malware executables.

W32/Alcra-B typically arrives with the filename Setup.exe.

When first run, W32/Alcra-B displays a dialog box with the text “Setup”, “Welcome to the Setup Wizard …”. W32/Alcra-B creates the folder winupdates, copies itself to this folder as winupdates.exe and creates the following files:

winupdates\a.zip
cmd.com
bszip.dll
netstat.com
ping.com
regedit.com
taskkill.com
tasklist.com
tracert.com

All files and folders will have the hidden and system attributes set, including the Windows system folder.

a.zip is a zip archive containing a copy of W32/Alcra-B named Setup.exe.

Bszip.dll is a clean file compression utility.

The new files with a COM extension that W32/Alcra-B creates in the Windows system folder are simply ‘MZ’ stubs (2-byte files containing only “MZ”), designed to disable the standard Windows applications cmd, netstat, ping, regedit, taskkill, tasklist and tracert. Executable files with a COM extension take precedence over files with the same filename but an EXE extension. Therefore, if a user runs “cmd”, “netstat”, “ping”, “regedit”, “taskkill”, “tasklist” or “tracert”, the new file with a COM extension is executed rather than the legitimate executable with an EXE extension.

The following registry entry is created to run winupdates.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
winupdates
winupdates\winupdates.exe /auto

W32/Alcra-B can be removed from Windows computers automatically with the following Resolve tools:

Windows disinfector
ALCRAGUI is a disinfector for standalone Windows computers. To use it you have to do the following:
· Open ALCRAGUI.com file from your desktop after downloading it.
· Click on the Start Scan Button.
· Wait for the process to complete.

Command line disinfector
ALCRASFX.EXE is a self-extracting archive containing ALCRACLI, a Resolve command line disinfector for use by system administrators on Windows networks.
