Worm.P2P.Palevo.DP spreads automatically through spam sent over instant messaging platforms. It sends a message asking users to save a JPG file. The file is in fact Worm.P2P.Palevo.DP itself. When the file is launched, the worm infects the host.
The worm creates four hidden files in the Windows directory:
%Windir%\infocard.exe
%Windir%\mds.sys
%Windir%\mdt.sys
%Windir%\winbrd.jpg
Then it modifies a few registry keys to deactivate the firewall:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ [Firewall Administrating = "%Windir%\infocard.exe"]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\ [Firewall Administrating = "%Windir%\infocard.exe"]
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ [Firewall Administrating = "%Windir%\infocard.exe"]
Using this tool you will be able to remove the Worm.P2P.Palevo.DP from your system, if infected.
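To check a host for the file and registry indicators listed above before or after running the removal tool, the following PowerShell script can be used. It is an added example, not part of the removal tool or the original page; the variable names are chosen for illustration, and the paths and value name are taken from the lists above.

```powershell
# Added example: read-only check for the indicators listed on this page.
# It reports findings only; it does not delete files or edit the registry.
# $files, $runKeys, $valueName and $findings are names chosen for this example.

$files = 'infocard.exe', 'mds.sys', 'mdt.sys', 'winbrd.jpg' |
    ForEach-Object { Join-Path $env:windir $_ }

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$valueName = 'Firewall Administrating'

$findings = @()

foreach ($path in $files) {
    # -Force is needed because the files are created hidden.
    $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
    if ($item) {
        $findings += [pscustomobject]@{
            Type   = 'File'
            Where  = $item.FullName
            Detail = "Attributes=$($item.Attributes); Modified=$($item.LastWriteTime)"
        }
    }
}

foreach ($key in $runKeys) {
    $props = Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue
    # Test for the value by name so a missing value is not reported as empty.
    if ($props -and $props.PSObject.Properties[$valueName]) {
        $findings += [pscustomobject]@{
            Type   = 'Run value'
            Where  = $key
            Detail = "$valueName = $($props.$valueName)"
        }
    }
}

if ($findings.Count -gt 0) {
    $findings | Format-Table -AutoSize -Wrap
    Write-Warning "$($findings.Count) indicator(s) found."
} else {
    Write-Output 'No listed indicators found for the current user and machine.'
}
```

The HKEY_CURRENT_USER check covers only the account running the script, and on 64-bit Windows a 32-bit process's writes to HKEY_LOCAL_MACHINE\SOFTWARE are redirected to WOW6432Node, so a clean result here is not conclusive on its own.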