Is the file DESKTOP.SYSM located on your computer? If so, your computer is infected.
We suggest you remove DESKTOP.SYSM from your computer as soon as possible.
DESKTOP.SYSM is a Trojan/Backdoor.
Kill the DESKTOP.SYSM process and remove DESKTOP.SYSM from Windows startup.
Malware Analysis of DESKTOP.SYSM
Full path on a computer: %SysDir%\Desktop.sysm
Detected by UnHackMe:
Item Name: VisualStyle
Author:
Current Setting: %SYSDIR%\DESKTOP.SYSM
Type: Registry Run
Removal Results: Success
Number of reboot: 1
DESKTOP.SYSM is known as:
Trojan.Azero.A, W32.Downldr2.BOTG, Trojan-Downloader.VB, W32.DLoader.GGHF, Win32:VB-ITN, Trafrox.B, TrojWare.TrojanDownloader.VB.~KE, Trojan-Downloader.VB.iri, HLLW.Nimda.57349, TR.Drop.VB.beo, PE_AZERO.A, Trojan.Drop.VB.beo, W32.Azero-A, Trojan.VB, W32.SillyFDC, Virus.Azero.A, Trojan.Downloader.396914, High Risk Worm, Win-Trojan.Xema.variant, Trojan.DL.VB.EEFX, Trojan.DL.VB.zar, W32.Azero.A
DESKTOP.SYSM hash:
- MD5: 4d2f6c08c26e530b15f1bb7b2cbc2843
Registry entries:
- HKLM\Software\Classes\.Msd\Shell\Open\Command\: "%1"
- HKLM\Software\Classes\.sysm\Shell\Open\Command\: "%1"
- HKLM\Software\Microsoft\Windows\CurrentVersion\Run\VisualStyle: "c:\windows\system32\Desktop.sysm"
Files and folders:
- %Profile%\Applications Data
- %Profile%\Applications Data\Excel
- %Profile%\Applications Data\Media Player
- %Profile%\Applications Data\Microsoft
- %Profile%\Applications Data\Office
- %Profile%\Applications Data\Windows
- %Profile%\Applications Data\Word
- %Appdata%\Microsoft\2056
- %Appdata%\Microsoft\Desktop.ini
- %Appdata%\Microsoft\dvcv.exe
- %Appdata%\Desktop.ini
- %Temp%\~DF1BFE.tmp
- %Profile%\Applications Data\Desktop.ini
- %SysDir%\CommandPrompt.Sysm
- %SysDir%\Desktop.sysm
- %SysDir%\maxtrox.txt
- %SysDir%\Windows 3D.scr