How-To Guide: Tips to Delete Win32.Warezov Worm and More

Sometimes you may face certain PC problems like screen hangs, application freezes, and even system shutdowns. One of the possible reasons for that can be a computer virus, malware, adware, or Warezov Worm and more. Read below to know how to delete a virus and set up a threat-free computing environment.

Since the cyber world is full of malicious threats, managing system security and privacy is becoming a bit difficult. Average users may trust an online virus scanner and rely on its projected reports, but it is important to consider that not all of them are 100% accurate. Many a times, malicious codes, spyware, adware, and other computer viruses may hide themselves from such online scans. Hence, they continue to execute malicious operations on your device. You may think that worm removal programs are capable of deleting such viruses and can remove every trace of it, but it is not true. A lot of virus removal software fails to remove Win32.Warezov Worm and more. If you think that you’ve read plenty of how to delete a virus guides, then read the article to know how to get rid of this worm.

Some General Details

The Win32.Warezov Worm, also known as Warezov, WORM_STRATION.BB, or W32/Stration-X, is a stubborn infection that can damage your computer hardware and software components to an irreparable extent. The malicious file is approximately 117KB in size, and it grows till 470KB in size when unpacked. The malicious code got first discovered on February 14, 2006, and it carries medium threat percentage. The infection is a mass-mailing worm, which is capable of sending itself as e-mail attachments to the contacts found on infected computers. Sometimes, the worm may also try to connect to the Internet to download updated variants from specified website(s). If your device gets infected, it will show the “Update successfully installed” message when the virus gets launched.

Technical Description of the Worm

When the virus will get installed on your system, it copies itself to the Windows root directory with the ‘serv.exe’ file name. The worm will also create the files mentioned below in the Windows root directory:

%System%cssewmpd (16384 bytes)
%System%wupstlnt.dll (28672 bytes)
%System%e1.dll (8192 bytes)
%System%regaufat.dll (24576 bytes)
%Windir%serv.dll (7680 bytes)
%Windir%serv.s
%Windir%serv.wax

Some advanced variants of Warezov can create the following files:

%Windir%tsrv.wax
%Windir%tsrv.exe
%Windir%tsrv.dll
%System%msji449c14b7.dll
%Windir%tsrv.s
%System%cmut449c14b7.dll
%System%hpzl449c14b7.exe

In addition to the files mentioned above, the worm will also create some entries in the system registry. These Windows Registry entries get created to ensure that the worm file gets loaded into the system memory, whenever Windows is rebooted on the victim machine. The Windows Registry entries are as follows:

[HKLMSoftwareMicrosoftWindowsCurrentVersionRun] ‘serv’=’%Windir%serv.exe s’
[HKLMSoftwareMicrosoftWindows NTCurrentVersionWindows] ‘AppInit_DLLs’=’wupstlnt.dll e1.dll’

The Warezov Worm and more can be highly dangerous for your system’s safety because it is capable of collecting email addresses by scanning files with the following extensions:

*.adb
*.asp
*.cfg
*.eml
*.htm
*.html
*.oft
*.php
*.txt
*.xls
.xml and many others.

How to Remove the Win32.Warezov Worm and More?

Reboot your Windows computer in ‘Safe Mode’ by pressing and holding the ‘F8’ key. Choose ‘Safe Mode’ option using the arrow keys in the Windows boot menu
Open ‘Task Manager’ to search for the “serv.ex” process
If you’ve found the process, terminate it
After that, try to delete the following files manually from the Windows root and system directories:

“%System%e1.dll

%System%regaufat.dll

%System%wupstlnt.dll

%Windir%serv.exe

%Windir%serv.dll

%Windir%serv.s

%System%cssewmpd

%Windir%serv.wax”

If you know that your device is infected with an advanced Warezov version, delete the following files:

“%Windir%tsrv.exe

%Windir%tsrv.wax

%Windir%tsrv.dll

%Windir%tsrv.s

%System%msji449c14b7.dll

%System%cmut449c14b7.dll

%System%hpzl449c14b7.exe”

Additionally, you will also need to delete the following registry values:

“[HKLMSoftwareMicrosoftWindowsCurrentVersionRun] ‘serv’=’%Windir%serv.exe s’

“[HKLMSoftwareMicrosoftWindows NTCurrentVersionWindows] ‘AppInit_DLLs’=’wupstlnt.dll e1.dll’

Now, reboot the computer as normal to bring the changes into effect
Check that you have successfully deleted all infected emails from all mail folders and you’re done.

Conclusion

Since the worm is one of the strongest malware existing over the web, it can terminate a range of antivirus and firewall applications. The worm is capable of tracking every keystroke your PC inputs and can send the details to malicious authors. It also contains a list of URLs for checking the advanced versions of Warezov Worm and more. If you think that the steps cannot complete the worm removal process, then look for some other how to delete a virus guides over the web.