W32.Proyo

W32.Proyo infects .exe and .scr files on all fixed and remote drives. When an infected file is executed, it copies itself to the same folder with a .dmj extension. W32.Proyo can lower security settings on the compromised system by ending security-related processes. The virus looks for .exe and .scr files and embeds its viral code in them, which may increase their size by about 45,056 bytes.

Damage Level: Medium

Systems Affected: Windows 9x, 2000, XP, Windows Vista

Technical Details and Additional Information:

What can W32.Proyo do to an infected system?
- The virus duplicates files under another extension, .dmj.
- It copies itself to the root folder of all fixed and removable drives.
- It drops an autorun.inf file to run the virus when the drive is accessed.

Malicious Files Added by W32.Proyo
%System%\oyo.exe
%DriveLetter%\autorun.inf
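
The indicators listed above can be swept for before running a scanner. The following Python sketch is an added example, not code from the original page or from any vendor; the function names are hypothetical, the sample tree is constructed, and it assumes the .dmj copy keeps the base name of the .exe or .scr file it duplicates. Hits are leads for review, since installation media can carry a legitimate autorun.inf.

```python
import os
import tempfile
from pathlib import Path

HOST_EXTS = (".exe", ".scr")   # host file types named on the page
COPY_EXT = ".dmj"              # extension of the duplicate copies
DROPPED_NAME = "oyo.exe"       # file name from %System%\oyo.exe
AUTORUN_KEYS = ("open", "shellexecute")  # autorun.inf launch keys

def autorun_targets(inf_path):
    """Return the commands an autorun.inf asks Windows to launch."""
    targets = []
    for line in Path(inf_path).read_bytes().decode("latin-1").splitlines():
        key, sep, value = line.partition("=")
        if sep and key.strip().lower() in AUTORUN_KEYS and value.strip():
            targets.append(value.strip())
    return targets

def sweep(root):
    """Return sorted (kind, relative_path, detail) findings under root."""
    root, findings = Path(root), []
    for dirpath, _dirs, files in os.walk(root):
        lower = {name.lower() for name in files}
        for name in files:
            rel = Path(dirpath, name).relative_to(root).as_posix()
            stem, ext = os.path.splitext(name.lower())
            if Path(dirpath) == root and name.lower() == "autorun.inf":
                for target in autorun_targets(Path(dirpath, name)):
                    findings.append(("autorun", rel, target))
            if name.lower() == DROPPED_NAME:
                findings.append(("dropped-name", rel, ""))
            if ext == COPY_EXT:
                # Assumption: the copy keeps the host file's base name.
                hosts = [stem + e for e in HOST_EXTS if stem + e in lower]
                findings.append(("dmj-copy", rel, ",".join(hosts)))
    return sorted(findings)

def make_constructed_sample(root):
    """Build a constructed tree that mimics the indicators listed above."""
    root = Path(root)
    (root / "tools").mkdir()
    (root / "autorun.inf").write_text("[autorun]\nopen=oyo.exe\n")
    for rel in ("oyo.exe", "tools/setup.exe", "tools/setup.dmj", "tools/notes.txt"):
        (root / rel).write_bytes(b"constructed sample, not malware")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(*sweep(make_constructed_sample(tmp)), sep="\n")
```

Point `sweep()` at a drive root (for example a mounted removable drive) to list autorun launch targets, files named oyo.exe, and .dmj files together with any same-named .exe or .scr beside them.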

W32.Proyo – Removal

Removing W32.Proyo Manually:
1. If using Windows ME or XP, System Restore must be disabled to prevent the threat from restoring itself.
2. Update the virus definitions.
3. Reboot Windows in Safe Mode.
4. Run a full system scan and clean/delete all infected file(s).
5. Restart Windows.

Anti-virus Tools

Scan with Norton Power Eraser:
Norton Power Eraser is a virus removal tool created by Norton Antivirus to remove unfamiliar threats without using the traditional AV signatures. Download the tool from this location and start scanning the computer for viruses.

MalwareBytes’ Flash Scanner:
MalwareBytes’ Flash Scanner is an added tool to MBAM that searches for malicious objects in USB and memory drives. If you have the full version of MalwareBytes’ Anti-Malware, start running MalwareBytes’ Flash Scanner to remove infected autorun.inf and other worm-related files.

What to do next...