Home Blog

WORM_MORTO.SM – What is the Effective Way to Remove WORM_MORTO.SM

Posted by in Blog Worm
on October 23rd, 2012 | Leave a comment

WORM_MORTO.SM is one of the worms that use remote desktop protocol to spread themselves. Usually, the worm gets into a target computer by the help of other pc threats such as downloader Trojan or by attaching to a program. Users randomly download software online could easily get those infected programs or fake software. Once accessing a computer, WORM_MORTO.SM will store itself to another file and hide the original files from users. To run resident on the infected computer, the worm will insert itself to system processes and modify startup registry entries. To prevent itself from being deleted, it will create more copies and modify more system files. The infection is very complicated. It is highly recommended to remove WORM_MORTO.SM by a professional virus removal program.

Manual removal instruction
Besides a professional virus removal program, there is another solution. Are you sure you can complete manual removal? We think users lack of advanced pc skills should not take a risk to try WORM_MORTO.SM manual removal. Any mistake during the removal could lead to a huge damage to the vulnerable system.
1. Delete following files

%Windows%\Offline Web Pages\cache.txt
%System%\Sens32.dll
%Windows%\clb.dl

2. Delete WORM_MORTO.SM registry entries

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] ConsentPromptBehaviorAdmin=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] EnableLUA=0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows NoPopUpsOnBoot = “1″
HKEY_LOCAL_MACHINE\SYSTEM\WPA id = “1293D1C15VAVUJTN”
HKEY_LOCAL_MACHINE\SYSTEM\WPA ie = “%current folder%\{malware name}.exe”
HKEY_LOCAL_MACHINE\SYSTEM\WPA it = “{hex values}”
HKEY_LOCAL_MACHINE\SYSTEM\WPA md = “{garbage code}”
HKEY_LOCAL_MACHINE\SYSTEM\WPA sn = “6to4″
HKEY_LOCAL_MACHINE\SYSTEM\WPA sr = “Sens”

What is the effective way to remove WORM_MORTO.SM
The answer is of course using a professional virus removal program. You probably have security program on your computer which failed to deal with the infection. Choosing the right virus removal program is also the key to remove WORM_MORTO.SM completely since not all can remove the worm. Our recommendation is to use an antispyware program like Spyware Cease。 An antispyware program is more effectively than an antivirus program in deleting WORM_MORTO.SM. Spyware Cease, one of the comprehensive security programs, can help you get rid of the worm instantly. If you are looking for the quickest solutions, it should be one.

Leave a Reply