W32.Fiala.A is a worm that spreads itself through your removable drives. W32.Fiala.A blocks certain applications from launching, and, as an early birthday gift, W32.Fiala.A may drop Trojans on your PC (think Trojan Horse, Hacktool.Rootkit or Trojan.KillAV).

Thanks, W32.Fiala.A.

Block W32.Fiala.A sites:
wuc8.com
wuc9.com

Get rid of W32.Fiala.A files:
%DriveLetter%\JR.PIF

%DriveLetter%\AUTORUN.INF

%System%\dllcache\linkinfo.dll (a clean file that may already be present)

%System%\mfc1.dll (a legitimate copy of Microsoft’s MSVCR71.dll)

%SystemDrive%\AUTORUN.INF

%SystemDrive%\bps.dll (a copy of Trojan Horse)

%ProgramFiles%\henaji.pif (this file may be detected as Trojan Horse, Hacktool.Rootkit or Trojan.KillAV)

%Windir%\Fonts\bat.sys (this file may be detected as Trojan Horse, Hacktool.Rootkit or Trojan.KillAV)

%Windir%\Fonts\kpsp.sys (this file may be detected as Trojan Horse, Hacktool.Rootkit or Trojan.KillAV)

%Windir%\Fonts\lstis.sys (this file may be detected as Trojan Horse, Hacktool.Rootkit or Trojan.KillAV)

AS21a669aS

Delete W32.Fiala.A registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAV.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ravservice.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASARP.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav32.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kavstart.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\”CheckedValue” = “2?

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360rpt.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safe.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360tray.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ANTIARP.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Navapsvc.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Nod32kui.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\QQDoctor.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kmailmon.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPfwSvc.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonxp.KXP\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVWSC.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kwatch.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVTRAY.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Regedit.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rfwstub.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Ast.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRun.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRunKiller.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP.COM\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AVP.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Frameworkservice.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFUpd.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GuardField.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Mmsk.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsMain.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsnetsvr.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RSTray.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Runiep.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.EXE\”debugger” = “%System%\dllcache\spoolsv.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ScanFrm.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREngLdr.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.KXP\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPC32.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\VPTRAY.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WOPTILITIES.EXE\”debugger” = “%System%\dllcache\spoolsv.exe”