What is Worm:Win32/Morto.A?

Worm:Win32/Morto.A is a dangerous computer worm that remote attackers use to gain unauthorized access to an infected computer. It was created to compromise administrator passwords, so it is highly advisable to change login data if the threat has already infected the system, especially if the usernames are ones such as admin, admin2 or administrator and the passwords are ones such as 123, 123456 or 111111.

Technical details of Worm:Win32/Morto.A

It is very important to remove the threat, as it is capable of connecting to remote servers and downloading new files. Everything starts when the threat installs itself and drops a .dll file which carries out the payload. If the Windows folder contains the files clb.dll and clb.dll.bak and its subfolders have such files as ntshrui.dll and cache.txt, it is a sign that a harmful infection is present within the system. Needless to say, the infection alters the Registry in order to disable some parts of the system.

Once the worm successfully logs in to the system, it creates a .reg file whose purpose is to ensure that rundll32.exe runs with Administrator privileges. After this, Worm:Win32/Morto.A connects to different hosts in order to receive new data and download updates for the components which are already present within the infected computer. It is also known that Worm:Win32/Morto.A may be used to perform DoS attacks.

The configuration data of the infection is stored using such registry values as HKLM\SYSTEM\Wpa\it, HKLM\SYSTEM\Wpa\id, HKLM\SYSTEM\Wpa\sn and some others.

As you can see, the threat creates a lot of different components all of which should be removed from the PC as soon as possible. The malware downloaded by the infection may not only take control of the machine but also record your inputs and collect identifiable information, including banking passwords and other valuable data.

If your anti-virus program has started popping up security alerts that show the pathname C:/Windows/Offline Web Pages/cache.txt but cannot terminate the infection, use a powerful spyware removal tool immediately.
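
The file and registry indicators named above can be checked with a read-only script. This is an added example, not part of the original article or of any vendor tool; skipping System32, SysWOW64 and WinSxS for ntshrui.dll (where Windows keeps its own copy) and looking only one subfolder level deep are assumptions.

```powershell
# Read-only check for the Morto.A indicators named in this article; nothing is changed.
$winDir   = $env:windir
$findings = @()

# File indicators given in the article text.
$files = @(
    (Join-Path $winDir 'clb.dll'),
    (Join-Path $winDir 'clb.dll.bak'),
    (Join-Path $winDir 'Offline Web Pages\cache.txt')
)

# Assumption: Windows keeps its own ntshrui.dll in these folders, so only
# copies in other first-level subfolders of the Windows folder are listed.
$skip = 'System32', 'SysWOW64', 'WinSxS'
$files += @(Get-ChildItem -LiteralPath $winDir -Directory -Force -ErrorAction SilentlyContinue |
    Where-Object { $skip -notcontains $_.Name } |
    ForEach-Object { Join-Path $_.FullName 'ntshrui.dll' })

foreach ($path in $files) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        $item = Get-Item -LiteralPath $path -Force
        $findings += [pscustomobject]@{
            Type     = 'File'
            Location = $item.FullName
            Detail   = '{0} bytes, modified {1:u}' -f $item.Length, $item.LastWriteTimeUtc
        }
    }
}

# Registry values the article says hold the worm's configuration data.
$wpaKey = 'HKLM:\SYSTEM\Wpa'
if (Test-Path -LiteralPath $wpaKey) {
    $key = Get-Item -LiteralPath $wpaKey
    foreach ($name in 'it', 'id', 'sn') {
        if ($key.GetValueNames() -contains $name) {
            $findings += [pscustomobject]@{
                Type     = 'Registry'
                Location = "HKLM\SYSTEM\Wpa\$name"
                Detail   = 'value kind: {0}' -f $key.GetValueKind($name)
            }
        }
    }
}

if ($findings.Count -eq 0) {
    'None of the listed indicators were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Run it from an elevated PowerShell 3.0 or later prompt. An empty result only means these specific indicators are absent.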

How to remove Worm:Win32/Morto.A?

The Anti-Spyware-101.com team advises you against a manual removal of the infection and recommends utilizing SpyHunter. Unlike regular anti-virus programs that cannot terminate highly complex and dangerous threats, our anti-malware program can do it with ease. In order to check whether this threat is indeed running within the system, you can download our free scanner which will detect all the components of the infection.
