W32/Krisworm-A is a worm which spreads by targeting computers with weak administrator and user passwords.
The worm installs several files in the fonts subfolder of the Windows fonts folder adds the registry entry:
= <Windows fonts>\fonts\sys.exe
The malicious files installed by the worm are:
man.bat (detected by Sophos Anti-Virus as Troj/Noshare-N)
The worm also installs the following files which are not malicious :
a.q - a list of words
bd.exe - a utility used for hiding windows
dex.exe - a networking utility used for running processes on other computers
fhgh.cca - a text file containing a counter
kern.exe - a utility that list running processes
Sys.exe - a copy of the mIRC chat client.
x.xx - a text file containing a list of IP ranges
W32/Krisworm-A attempts to copy itself to the admin$ share on remote computers and execute the copy. The worm acts as a backdoor and IRC proxy server, allowing a remote attacker to control the infected computer.
Help, my PC with Windows 10 won't shut down properly
Since upgrading to Windows 10 my computer won't shut down properly. I use the menu button shutdown and the screen goes blank, but the system does not fully shut down. The only way to get it to shut down is to hold the physical power button down till it shuts down. Any suggestions?