Protect your system from copy.exe alias Salga.a worm


This is another common worm that infects computers and spreads from one infected system to another using Windows APIs (Application Programming Interfaces), emails, file-sharing networks and network shares.

Copy.exe is a kind of spyware. Also known as the Salga.a worm, it was discovered on Nov. 27, 2004 and it affects all versions of Windows. Spyware is a kind of application that has the ability to self-replicate without a host program. It can send information from one computer to another without the user's permission and knowledge.

Once it has infected a system, this worm creates copy.exe (the worm itself) and an autorun.inf file on each hard drive. The autorun.inf file contains the commands to start copy.exe, so when you double-click the infected drive to open it, the worm loads itself. The worm also creates a file named svchost.exe in the Windows folder on the root drive (C drive), which starts executing. You will also find svchost.exe in the Windows/system folder or the Windows/system32 folder; those are system files. The one in the Windows folder is created by this worm.

To remove the infection, first open the Windows Task Manager (press Ctrl+Alt+Del). Look for svchost.exe, copy.exe, xcopy.exe, temp.exe, temp1.exe, host.exe etc. under your username and kill them if found. Remove the file svchost.exe from the Windows folder on the C drive. Now search for files named autorun.inf, copy.exe, host.exe etc. on all the drives.

These files are hidden, so you will have to turn off the option that hides files and folders in the Folder Options tab. The worm might have disabled 'Show hidden files and folders' so that your change does not take effect. To rectify that, open the registry editor (RegEdit): go to Start menu -> Run, type regedit and press Enter. In the editor, navigate to the following keys and make the changes.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
On the right-hand side, you will find the value “Hidden”. Right-click it and modify it to 1.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
Find the “Checked all” key on the right and change it to 1 from 2.
This will enable “Show hidden files and folders” in the Folder Options menu. Also search for and delete autorun.inf files from all the drives. Now you should be able to open the drives by double-clicking them, or by right-click -> Open. Once more, search for and delete copy.exe on your hard drive. Your computer is now free of the Salga.a worm.

We can prevent viruses and worms from affecting our systems if we are a little cautious. To know more about viruses and how to prevent their infection, please check our article on how to prevent and remove computer virus infection. In case you have any further queries, we are there to help you. Please visit our Contact Us page for details.
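The manual checks above can be gathered into one read-only PowerShell audit. This is an added example, not part of the original article: the function name Get-SalgaArtifact is hypothetical, and it assumes the Windows system, System32 and SysWOW64 folders are the only legitimate locations for the listed process names.

```powershell
# Added example: read-only audit for the artifacts named in this article.
# It reports findings and changes nothing; file and process names come from the text.
$RootFiles = 'autorun.inf', 'copy.exe', 'host.exe'
$ProcNames = 'svchost.exe', 'copy.exe', 'xcopy.exe', 'temp.exe', 'temp1.exe', 'host.exe'

function Get-SalgaArtifact {   # hypothetical name
    # 1. Named files at the root of every drive. -Force lists hidden and system
    #    files even when Explorer's "Show hidden files" option has been disabled.
    foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
        Get-ChildItem -LiteralPath $drive.Root -Force -File -ErrorAction SilentlyContinue |
            Where-Object { $RootFiles -contains $_.Name } |
            ForEach-Object {
                $detail = "attributes: $($_.Attributes)"
                if ($_.Name -eq 'autorun.inf') {
                    # Show which command the autorun file would start.
                    $cmds = Select-String -LiteralPath $_.FullName -ErrorAction SilentlyContinue `
                                -Pattern '^\s*(open|shellexecute|shell\\.+\\command)\s*=' |
                            ForEach-Object { $_.Line.Trim() }
                    $detail = "launches: $($cmds -join '; ')"
                }
                [pscustomobject]@{ Check = 'RootFile'; Item = $_.FullName; Detail = $detail }
            }
    }

    # 2. svchost.exe placed directly in the Windows folder.
    $dropped = Join-Path $env:windir 'svchost.exe'
    if (Test-Path -LiteralPath $dropped) {
        [pscustomobject]@{ Check = 'DroppedFile'; Item = $dropped; Detail = 'svchost.exe outside the system folders' }
    }

    # 3. Running processes with the listed names whose image is outside the system
    #    folders (assumption: system, System32 and SysWOW64 are the legitimate ones).
    $sysDirs = "$env:windir\system\", "$env:windir\System32\", "$env:windir\SysWOW64\"
    Get-CimInstance Win32_Process |
        Where-Object { $ProcNames -contains $_.Name -and $_.ExecutablePath } |
        Where-Object { $p = $_.ExecutablePath
                       -not ($sysDirs | Where-Object { $p.StartsWith($_, [StringComparison]::OrdinalIgnoreCase) }) } |
        ForEach-Object { [pscustomobject]@{ Check = 'Process'; Item = "$($_.Name) (PID $($_.ProcessId))"; Detail = $_.ExecutablePath } }

    # 4. Explorer setting the article restores: Hidden = 1 shows hidden files.
    $adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $hidden = (Get-ItemProperty -Path $adv -Name Hidden -ErrorAction SilentlyContinue).Hidden
    if ($hidden -ne 1) {
        [pscustomobject]@{ Check = 'Registry'; Item = "$adv\Hidden"; Detail = "hidden files not shown (value '$hidden', article sets 1)" }
    }
}

Get-SalgaArtifact | Format-Table -AutoSize -Wrap
```

Installation media can carry a legitimate autorun.inf, so read the "launches" detail before deleting anything. A Registry row on its own only means hidden files are currently not displayed.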