
Imsolk Email Worm ‘Here You Have’

Email-Worm.Imsolk is a worm that propagates via email, removable drives and network shares. It sends emails containing a malicious download link to email addresses harvested from the infected machine.

The worm targets recipients from contacts found in the Outlook Address Book and from the instant messaging software Yahoo Messenger.

The malicious email messages we have seen being sent out by this worm are the following:

Subject: "Here you have" or "Just for you"

Hello:
This is The Document I told you about, you can find it Here.
(malicious link)
Please check it and reply as soon as possible.
Cheers,

or

Hello:

This is The Free Dowload Sex Movies, you can find it Here.
(malicious link)
Enjoy Your Time.

Cheers,

Again, we can see that the bad guys are using social engineering by sending the malicious emails under the infected machine’s email address. Another trick used in the attack is the way the malware hides the actual download URL. The links above take an unsuspecting user to PDF files.

Upon execution, the worm drops the following copies of itself:

%windows%\csrss.exe
%windows%\systemupdates.exe

In addition to the above files, the following files are also created on the affected machine:

%windows%\ff.exe
%windows%\gc.exe
%windows%\hst.iq
%windows%\ie.exe
%windows%\im.exe
%windows%\op.exe
%windows%\pspv.exe
%windows%\rd.exe
%windows%\re.exe
%windows%\re.iq
%windows%\tryme1.exe
%windows%\vb.vbs
%system%\SendEmail.dll

In order to execute automatically, the worm modifies the following registry entry:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell=Explorer.exe %windows%\csrss.exe

Email-Worm.Imsolk copies itself to removable drives and mapped drives as open.exe alongside an autorun.inf file to allow automatic execution.

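The worm also injects itself into the execution sequence of a number of mostly security-related applications by using the Debugger data under subkeys of HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options, each subkey named after a targeted executable.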

The worm also disables the Windows User Account Control (UAC) via the Windows Registry:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
EnableLUA=dword:00000000

As a form of retaliation against the good guys, the worm attempts to stop and delete security-related services with the following service names:

0053591272669638mcinstcleanup
AVG Security Toolbar Service
AVGIDSAgent
AVP
AntiVirFirewallService
AntiVirMailGuard
AntiVirSchedulerService
AntiVirService
Arrakis3
Avast! Antivirus
Avgfws9
Gwmsrv
LIVESRV
MSK80Service
Mc0DS
Mc0obeSv
McAfee SiteAdvisor Service
McMPFSvc
McNASvc
McProxy
McShield
NIS
PAVFNSVR
PAVSRV
PSHost
PSIMSVC
Panda Software Controller
PavPrSrv
PskSvcRetail
SfCtlCom
TMBMServer
TPSrv
TmProxy
VSSERV
aswUpdSv
avast! Mail Scanner
avast! Web Scanner
avg9wd
mcmscsvc
mfefire
mfevtp
scan
sdAuxService
sdCoreService

Manual Removal Guide

In order to manually remove Email-Worm.Imsolk, the following files need to be deleted (terminate the corresponding processes first if they are running):

%windows%\systemupdates.exe
%windows%\csrss.exe
%windows%\ff.exe
%windows%\gc.exe
%windows%\hst.iq
%windows%\ie.exe
%windows%\im.exe
%windows%\op.exe
%windows%\pspv.exe
%windows%\rd.exe
%windows%\re.exe
%windows%\re.iq
%windows%\tryme1.exe
%windows%\vb.vbs
%system%\SendEmail.dll

To prevent the malware from injecting into the execution sequence of security-related applications, open the Windows Registry Editor and, for each affected subkey of HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options, either remove the subkey or delete the Debugger data under it.

Restore the following registry values:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
EnableLUA=dword:00000000 – restore value to EnableLUA=dword:00000001

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell=Explorer.exe %windows%\csrss.exe – restore value to Shell=Explorer.exe
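
The three registry changes covered by the removal steps above (Winlogon Shell, EnableLUA, and Debugger data under Image File Execution Options) can be checked offline against a registry export. This is an added example, not code from the original post; the sample export, the function names, the Debugger data and the C:\WINDOWS expansion of %windows% are assumptions made for illustration.

```python
import re

# Constructed sample in regedit's export text format (not taken from a real host).
# csrss.exe and avp.exe are names from the write-up; the Debugger data and the
# C:\WINDOWS path are assumptions; notepad.exe is a clean control entry.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe C:\\WINDOWS\\csrss.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"EnableLUA"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
"Debugger"="C:\\WINDOWS\\csrss.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"UseFilter"=dword:00000000
'''

HKLM = 'hkey_local_machine\\software\\microsoft\\'
WINLOGON = HKLM + 'windows nt\\currentversion\\winlogon'
POLICIES = HKLM + 'windows\\currentversion\\policies\\system'
IFEO = HKLM + 'windows nt\\currentversion\\image file execution options\\'
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')

def decode(data):
    """Decode the two value encodings this audit needs: REG_SZ and REG_DWORD."""
    if data.startswith('dword:'):
        return int(data[6:], 16)
    if len(data) >= 2 and data[0] == data[-1] == '"':
        return data[1:-1].replace('\\\\', '\\').replace('\\"', '"')
    return data  # hex(...) blobs and other types are kept raw

def parse_reg(text):
    """Return {lowercased key path: {lowercased value name: decoded data}}."""
    keys, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith('[') and line.endswith(']'):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:
                current[m.group(1).lower()] = decode(m.group(2))
    return keys

def audit(text):
    """Return (finding, subject, data) tuples for the three changes described above."""
    findings = []
    for key, values in parse_reg(text).items():
        if key == WINLOGON:
            shell = values.get('shell')
            # The removal guide restores Shell to exactly "Explorer.exe".
            if isinstance(shell, str) and shell.strip().lower() != 'explorer.exe':
                findings.append(('winlogon-shell', key, shell))
        elif key == POLICIES:
            if values.get('enablelua') == 0:
                findings.append(('uac-disabled', key, 0))
        elif key.startswith(IFEO) and 'debugger' in values:
            # Debugger data is also set by legitimate tools, so review each hit.
            findings.append(('ifeo-debugger', key.rsplit('\\', 1)[1], values['debugger']))
    return findings

if __name__ == '__main__':
    for finding in audit(SAMPLE_REG):
        print(finding)
```

Exports written by regedit in the Version 5.00 format are UTF-16, so read a real file with `encoding='utf-16'` before passing its text to `audit()`.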

Solution:

How can I remove Email-Worm.Imsolk?

First, download and install Spyware Doctor. Then, use it to scan your PC. If your PC is infected with Email-Worm.Imsolk or any other malware, the name of the infection will be listed. The infections can be removed by purchasing Spyware Doctor.

For Spyware Doctor non-beta users:
Ensure you have the latest version of our signature database using SmartUpdate. This will protect you from the latest threats in the wild including Email-Worm.Imsolk.

Spyware Doctor is a legitimate, multi-award winning antispyware program offering free customer support and a 100% Money Back Guarantee.

Spyware Doctor Detects and Removes Email-Worm.Imsolk

Spyware Doctor uses the most advanced anti-malware technology to detect and block any suspicious activity on your PC. Spyware is becoming more sophisticated, constantly evolving its method of attack. The results can be menacing, from damaged files, to slow computer speed, to stolen logins and identity theft. We’ve built in real-time behavioural analysis to automatically recognize and respond to any style of malware attack, even never-seen-before “zero-day” threats. Use Spyware Doctor and you can be confident that your PC is secure.

Spyware Doctor continues to receive awards by leading PC authorities such as PC World, PC Magazine, PC Pro, PC Plus, PC Authority, PC Utilities, PC Advisor, PC Choice, Microdatorn, Computer Bild and PC Answers Magazine with a “Best of the Year” award 2 years in a row.

Tests show that Spyware Doctor prevents, detects and removes more Spyware, Adware, and other common threats than other leading security software.

Purchase Spyware Doctor by PC Tools today to instantly protect you from new threats and remove the current ones on your PC.

Features:
• Total Anti-Spyware and Anti-Malware solution
• Zero-Day threat protection
• Frequent, free updates
• Fast scanning and removal
• Won’t slow your PC down
• Easy to use with Intelliguard technology
• Customizable settings with password protection
• FREE customer support
• 100% Money Back Guarantee
And more…
