Win32:Morto.P is a polymorphic file infector virus. This threat can infect executable files it finds on removable drives, local drives, and shared network drives. The virus appends its code to the last section of the file, increasing its size to around 47KB. When running on the computer, Win32:Morto.P may connect to an Internet address and download more threats.
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Windows Vista/7
When executed, Win32:Morto.P moves and modifies a file called wmicuclt.exe. Then, to start automatically, the virus registers a system service named ‘Remove Access Connection Service.’ It also adds a number of registry entries that run a variety of services when Windows starts. Next, Win32:Morto.P runs a new thread with its appended code using critical Windows processes such as svchost.exe and lsass.exe.
Once the virus is running on the computer, it searches removable drives and network drives for executable (.exe) files and infects them when found. Affected files will contain the appended code, which increases their size to 47KB. After this modification, the virus runs whenever the host file is executed.
This virus spreads through a number of means ordinarily employed by other similar threats. It has also been observed that malicious links on social networking sites direct victims to a virus download page. Win32:Morto.P spreads locally via removable drives and shared network drives. It infects executable files by injecting malicious code.
Win32:Morto.P virus symptoms are limited to pop-up alerts from the installed antivirus program, as shown in the image below. The virus otherwise performs concealed actions that show no obvious signs.
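A triage check for the infection pattern described above (code appended to the last section of .exe files), added here as an example and not taken from the original page or any vendor tool. It assumes, beyond what the page states, that the appended code is reached by pointing the entry point into a writable and executable last section; the function names and the constructed sample header are hypothetical.

```python
import struct

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_* section flags

def last_section_report(data: bytes):
    """Return None for non-PE or truncated input, else facts about the last section."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 44:
        return None
    (n_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    (entry_rva,) = struct.unpack_from("<I", data, pe_off + 40)  # AddressOfEntryPoint
    table = pe_off + 24 + opt_size
    sections = []
    for i in range(n_sections):
        off = table + 40 * i
        if off + 40 > len(data):
            return None                                         # truncated section table
        name, vsize, va, rsize, _ = struct.unpack_from("<8sIIII", data, off)
        (flags,) = struct.unpack_from("<I", data, off + 36)
        sections.append((va, max(vsize, rsize), name.rstrip(b"\0").decode("latin-1"), flags))
    if not sections:
        return None
    va, size, name, flags = max(sections)                       # highest virtual address
    entry_in_last = va <= entry_rva < va + size
    write_exec = bool(flags & MEM_EXECUTE) and bool(flags & MEM_WRITE)
    return {"section": name, "entry_in_last": entry_in_last,
            "write_exec": write_exec, "suspicious": entry_in_last and write_exec}

def build_sample(entry_rva: int, last_flags: int) -> bytes:
    """Constructed two-section PE header (headers only, no code) for the demo."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, entry_rva).ljust(0xE0, b"\0")
    def sec(name, va, flags):
        return struct.pack("<8sIIIIIIHHI", name, 0x1000, va, 0x1000, 0, 0, 0, 0, 0, flags)
    return (dos + b"PE\0\0" + coff + opt
            + sec(b".text", 0x1000, 0x60000020) + sec(b".rsrc", 0x2000, last_flags))

if __name__ == "__main__":
    print(last_section_report(build_sample(0x1000, 0x40000040)))  # typical clean layout
    print(last_section_report(build_sample(0x2100, 0xE0000020)))  # entry in W+X last section
```

Packers and some protectors produce the same layout, so a hit is a reason to scan the file with updated antivirus definitions, not a verdict.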
How to Remove Win32:Morto.P
Restore Windows Components
During an infection, Win32:Morto.P drops various files. The worm intentionally hides system files by setting options in the registry. Given these changes, the best solution is to return Windows to a previous working state through System Restore. If a previous restore point is saved, you may proceed with Windows System Restore.
Automatic Removal of Win32:Morto.P
1. Temporarily Disable System Restore (Windows Me/XP).
2. To identify even the most recent variant of Win32:Morto.P, open your antivirus application and update the virus definitions.
3. Start Windows in Safe Mode with Networking.
- From a power-off state, turn on the computer and press F8 repeatedly.
- Your computer will display the Windows Advanced Boot Options menu. Select Safe Mode with Networking.
- The system will boot Windows, loading only necessary drivers and system files.
4. Open your antivirus program and run a full system scan. After the scan, delete all infected items. If you are unable to delete them, place them in quarantine. Once the scan is complete, please proceed with the next step.
Scan with Norton Power Eraser:
Norton Power Eraser, a free tool from Symantec, provides deep scanning technology to detect and remove threats like Win32:Morto.P. NPE targets and eliminates threats that regular virus scans fail to identify. Download NPE here.
Important! Because of Norton Power Eraser’s aggressive method, it can select even legitimate files as suspicious. Please use this tool very carefully.
Alternative Removal Method for Win32:Morto.P
Option 1: Use Windows System Restore to return Windows to a previous state
If Win32:Morto.P enters the computer, there is a big chance that Windows files, registry entries and other essential components are also infected. System Restore can reinstate clean system files by restoring the configuration to an earlier date. The method also replaces compromised files with a clean version. If you have a restore point saved before Win32:Morto.P infiltrated the PC, we highly encourage you to execute this procedure if none of the above works. You may proceed with Windows System Restore; click here to see the full procedure.