Can I Get Rid Of The Nasty ‘Virus Penetrator’?

In recent years, virus Penetrator causes stress and grief computer users

 

It has no “snap” to a particular date, it begins its destructive actions immediately after the start of the executable.

 

The origin of the virus and the etymology of the name.

Different legends go about the origin of the virus. Allegedly, the Russian student programmer, rejected by his girlfriend, decided to avenge her in this way, but at the same time to the entire digital world…

The destructive effects of the Penetrator virus

 

All. Jpg-files (. Jpg,. Jpeg) are replaced by .Jpg-images (the size of 69h15 pixels, “weight” of 3.1 KB) with a stylized inscription Penetrator (black print on gray-white background).

Files. Bmp,. Png,. Tiff virus “doesn’t touch.”

Audio files (. Mp3,. Wma), video (. Avi,. Mpeg,. Wmv), files Word (. Doc,. Rtf), Excel (. Xls) and PowerPoint (. Ppt) are destroyed (usually just removed, rarely their contents are replaced by the other content, for example a text file is replaced by the coarse language).

That is – the virus corrupts the most precious thing that a PC user has!

Classification of the virus

Antivirus identify a malicious program differently (as always!): How does your computer get infected?

Tools of spread of the virus are internet, flash-drives.

Infection usually occurs during the startup of the file disguised as a screensaver *. scr, less the virus “pretends” to be the . Mp3files.

In addition – the Penetrator virus creates the following files:

 

  • WINDOWSsystem32deter * lsass.exe (unlike the present lsass.exe, “living” in a folder WINDOWSsystem32);
  • WINDOWSsystem32deter * smss.exe (in contrast to the present smss.exe, ” living “in a folder WINDOWSsystem32);
  • WINDOWSsystem32deter * svshost.exe (the letters” c “and” o “are Cyrillic, in contrast to the present svchost.exe);
  • WINDOWSsystem32ahtomsys *. exe (eg, ahtomsys19.exe);
  • WINDOWSsystem32stfmon.exe (the letters “c” and “o” are Cyrillic, in contrast to the present ctfmon.exe);
  • WINDOWSsystem32psagor *. exe (or psagor *. sys, or psagor *. dll; for example, psagor18.dll)

Files have attributes hidden, system, read-only. Size 114.5 KB.

The virus registers itself in the Windows registry settings REG_SZ-Shell and Userinit section [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogon].

The virus is memory-resident; it is loaded with the operating system on the infected PC and is always present in memory.

How to eliminate the destructive effects of the Penetrator virus

 

  1.  Check the hard drive with a reliable antivirus with fresh databases.
  2. Remove (if not destroyed by antivirus)
  3. Remove (if not destroyed antivirus) the following files:
  • WINDOWSsystem32deter * lsass.exe (delete the file with a folder deter *);
  • WINDOWSsystem32deter * smss.exe (delete the file with a folder deter *);
  • WINDOWSsystem32deter * svshost . exe (the letters “c” and “o” are Cyrillic, in contrast to the present svchost.exe; delete the file with a folder deter *);
  • WINDOWSsystem32ahtomsys *. exe (eg, ahtomsys19.exe);
  • WINDOWSsystem32psagor *. exe (or psagor *. sys, or psagor *. dll; example, psagor18.dll).

NEXT –  Check the registry key [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows REG_SZ-Shell parameter must be set to Explorer.exe;

REG_SZ-parameter Userinit should be set to C: WINDOWSSystem32userinit.exe,

NEXT –  Remove from startup files ahtomsys *. exe, fake stfmon.exe and psagor *. exe (see Registry

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]).

NEXT –  Remove the template Normal.dot.

THEN – Try to recover the files deleted by the virus. You shouldn’t obsess over, but something (if not recorded on top of other information!) will be able to recover.

Because files. Jpg are overwritten by the virus under the same name but different contents, they cannot be restored.

Your computer can get into serious problems if you do not pay attention to the regular update of the drivers. And this is where driver updater can save you much time and efforts.

We would like to give you some general tips – today the web technologies give you a really unique chance to choose exactly what you need for the best price on the market. Funny, but most of the people don’t use this chance. In real life it means that you must use all the tools of today to get the information that you need.

Search Google or other search engines for the topic of “driver reviver’

Visit social networks and have a look on the accounts that are relevant to your topic. Go to the niche forums and participate in the online discussion. All this will help you to create a true vision of this market. Thus, giving you a real chance to make a wise and nicely balanced decision.

Leave a Reply