
Virus Profile: W32/Picsys.worm.c!DCE06CB7E5B9

Virus Profile information details
Risk Assessment: Home Low | Corporate Low
Date Discovered: 1/22/2013
Date Added: 1/22/2013
Origin: Unknown
Length: 98823
Type: Virus
Subtype: Win32
DAT Required: 6962

Description

Viruses are self-replicating. They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive. Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer.

Indication of Infection

The symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.

Methods of Infection

Viruses are self-replicating. They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive. Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer.

   

Virus Characteristics

This is a Virus

File Properties | Property Values
McAfee Detection | W32/Picsys.worm.c
Length | 98823 bytes
MD5 | dce06cb7e5b90459e30e874a0b611f15
SHA1 | 4df3241c978efdf0ba94b95f4ad5873bf573f013


Other Common Detection Aliases

Company Names | Detection Names
avast | Win32:Picsys-C@UPX
AVG (GriSoft) | Worm/Generic2.BEDH
avira | DR/Delphi.Gen
Kaspersky | P2P-Worm.Win32.Picsys.c
BitDefender | Win32.Worm.P2p.Picsys.C
clamav | W32.Yoof
Dr.Web | Win32.HLLW.Morpheus.3
F-Prot | W32/Picsys
FortiNet | W32/Picsys.B!worm.p2p
Microsoft | Worm:Win32/Picsys.C
Symantec | W32.HLLW.Yoof
Eset | Win32/Picsys.C worm
norman | W32/Yoof.C
panda | W32/Picsys.A.worm
Sophos | W32/Picsys-C
vba32 | Worm.Picsys.c
V-Buster | Worm.Picsys!XMnMuiZSf1k
Vet (Computer Associates) | Win32/Picsys.C

Other brands and names may be claimed as the property of others.


Activities | Risk Levels
No digital signature is present | Informational


McAfee Scans | Scan Detections
McAfee Beta | W32/Picsys.worm.c
McAfee Supported | W32/Picsys.worm.c



System Changes

Some path values have been replaced with environment variables as the exact location may vary with different configurations.
e.g.
%WINDIR% = \WINDOWS (Windows 9x/ME/XP/Vista/7), \WINNT (Windows NT/2000)
%PROGRAMFILES% = \Program Files


The following files were analyzed:

4DF3241C978EFDF0BA94B95F4AD5873BF573F013

The following files have been added to the system:


The following registry elements have been changed:

  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\WINXCFG.EXE = %WINDIR%\SYSTEM32\winxcfg.exe
  • HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\SETUP\VERSION = 131

   

All Users:

Please use the following instructions for all supported versions of Windows to remove threats and other potential risks:

1. Disable System Restore.

2. Update to current engine and DAT files for detection and removal.

3. Run a complete system scan.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

1. Please go to the Microsoft Recovery Console and restore a clean MBR.

On Windows XP:

Insert the Windows XP CD into the CD-ROM drive and restart the computer.
When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
Select the Windows installation that is compromised and provide the administrator password.
Issue the 'fixmbr' command to restore the Master Boot Record.
Follow the onscreen instructions.
Reset and remove the CD from the CD-ROM drive.


On Windows Vista and 7:

Insert the Windows CD into the CD-ROM drive and restart the computer.
Click on "Repair Your Computer".
When the System Recovery Options dialog comes up, choose the Command Prompt.
Issue the 'bootrec /fixmbr' command to restore the Master Boot Record.
Follow the onscreen instructions.
Reset and remove the CD from the CD-ROM drive.