It seems like a worm more or less; virus details are below - you will have to scan and remove it using a good antivirus program:
Virus Profile: W32/Xiaoho.worm
Name: W32/Xiaoho.worm
Risk Assessment
- Home Users: Low-Profiled
- Corporate Users: Low-Profiled
Date Discovered: 8/1/2007
Date Added: 8/1/2007
Origin: N/A
Length: Varies
Type: Virus
SubType: Worm
DAT Required: 5088
Virus Characteristics
-- Update August 18, 2007 --
The risk assessment of this threat has been updated to Low-Profiled due to media attention at:
http://shanghaiist.com/2007/08/17/vicious_new_chi.php
To receive an extra.dat file for this threat please visit: https://www.webimmune.net/extra/getextra.aspx
This detection is for a worm which tries to copy itself to removable drives. It will destroy systems it's used on by infecting all .exe files and changing their icons to the Chinese character HAO.
Upon execution, the worm drops a copy of itself into the Windows System folder:
The worm creates the following registry keys to activate itself:
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{H9I12RB03-AB-B70-7-11d2-9CBD-0O00FS7AH6-9E2121BHJLK}\: "ïµí³éèöã"
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{H9I12RB03-AB-B70-7-11d2-9CBD-0O00FS7AH6-9E2121BHJLK}\stubpath: "%SystemRoot%\system32\exloroe.exe"
It spreads by dropping files named autorun.inf and xiaohao.exe on removable drives and setting file attributes as hidden.
The worm infects .exe files by overwriting them or corrupting them beyond repair. This changes their icon to the Chinese word HAO and changes the active window title to "X14o-H4o".
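A read-only check for the indicators listed in the profile above, added here as an example (it is not part of the original post or the vendor's tooling). The function names are hypothetical, and the WOW6432Node path is an assumption covering 32-bit code running on 64-bit Windows; all other values are copied from the profile.

```powershell
# Added example: looks for the registry key, dropped file and removable-drive
# files named in the profile. It only reads; it does not delete or repair anything.
$Clsid     = '{H9I12RB03-AB-B70-7-11d2-9CBD-0O00FS7AH6-9E2121BHJLK}'
$KeyPaths  = @(
    "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\$Clsid",
    # Assumption: registry redirection for a 32-bit process on 64-bit Windows.
    "HKLM:\SOFTWARE\WOW6432Node\Microsoft\Active Setup\Installed Components\$Clsid"
)
$DropPath  = Join-Path $env:SystemRoot 'system32\exloroe.exe'
$DropNames = @('autorun.inf', 'xiaohao.exe')

function Test-XiaohoRegistry {
    # Emits one object per Active Setup key that exists, with its stubpath value.
    foreach ($key in $KeyPaths) {
        if (Test-Path -LiteralPath $key) {
            $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
            [pscustomobject]@{ Key = $key; StubPath = $props.StubPath }
        }
    }
}

function Find-XiaohoDrops {
    # Lists files in each drive root whose name matches the profile.
    # -Force is required because the worm sets the hidden attribute.
    param([string[]]$Roots)
    foreach ($root in $Roots) {
        Get-ChildItem -LiteralPath $root -Force -File -ErrorAction SilentlyContinue |
            Where-Object { $DropNames -contains $_.Name } |
            ForEach-Object {
                [pscustomobject]@{
                    Path   = $_.FullName
                    # A visible autorun.inf can be legitimate; hidden is the stronger signal.
                    Hidden = [bool]($_.Attributes -band [IO.FileAttributes]::Hidden)
                }
            }
    }
}

# DriveType 2 = removable disk in Win32_LogicalDisk.
$removable = @(Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2' |
    ForEach-Object { $_.DeviceID + '\' })
$regHits  = @(Test-XiaohoRegistry)
$dropHits = @(Find-XiaohoDrops -Roots $removable)
$sysCopy  = Test-Path -LiteralPath $DropPath

$regHits  | ForEach-Object { "Registry key present: $($_.Key) -> $($_.StubPath)" }
$dropHits | ForEach-Object { "Removable drive file: $($_.Path) (hidden: $($_.Hidden))" }
if ($sysCopy) { "Dropped file present: $DropPath" }
if (-not $regHits -and -not $dropHits -and -not $sysCopy) {
    'No indicators from the profile were found.'
}
```

Reading the HKLM keys and system32 does not need elevation on a default install, but removable drives must be attached when the script runs.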