New Virus Erases MP3s from Your Computer

I don’t want to get all conspiratorial, but could this be another sick ploy by the RIAA to "deal with"  muisc "piracy."  Hope not, because this virus attacks legally purchased music in MP3 format as well
Monday August 6, 2007

Some malware hijacks your computer to send spam. Some steals your passwords and credit card numbers. But the worst malware crime of all has emerged: Symantec is reporting W32.Deletemusic, a worm that deletes all MP3 files on your system.

In all seriousness, Symantec categorized this threat as "Risk Level 1: Very Low" with somewhere between 0 and 49 infections observed at up to 2 sites. And those zeros are serious, it may not actually be in the wild.

The worm first copies itself to all drives in the system, including removable drives, as csrss.exe. It also creates a autorun.inf file so that the program will be run if the drive is mounted. It creates a "RunOnce" entry to run itself and, incredibly, names the entry "Worms":

CurrentVersionRunOnce"Worms" = "C:WINDOWSsystem32logon.bat"

Finally, it sets certain other registry values in order to make it harder to stop, by disabling Task Manager for example.

To stop threats like this, use common sense and good habits: install antivirus software and keep it up to date, and don’t go clicking on links and executable files from untrusted sources.



About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at

Add a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.