BAT.Boohoo.Worm (Removal Guide) - Free Instructions

BAT.Boohoo.Worm Removal Guide

What is BAT.Boohoo.Worm?

BAT.Boohoo.Worm – a malicious program that spreads via weakly protected network shares


BAT.Boohoo.Worm is a self-spreading computer threat that is designed to infect Windows computers and perform malicious tasks on them. First discovered in 2003, this malware can attack private users as well as networks of corporations and businesses. The worm mainly spreads via weakly protected network shares after the attackers scan the internet with special tools.

Name BAT.Boohoo.Worm
Also known as Mumu, IROffer12, NTScan
Type Worm, malware
Distribution Open or weakly protect network connections
Function Steal sensitive information and deliver it to cybercriminals
Often installed with Valla virus
Removal Perform a full system scan with anti-malware software – SpyHunter 5Combo Cleaner
System fix If a worm damaged Windows system files, it might malfunction. To remediate your OS and ensure its proper operation, scan it with FortectIntego

Since its release in 2003, there have been several different Boohoo worm variants discovered in the wild, each of which slightly different. Some of the versions included more functionality and capabilities than its previous versions.

The virus consists of multitude of malicious utilities and tools, including batch files, nVIDIA and other legitimate utilities, text files, and more. It is important to keep in mind that different versions of the virus support and use different components, so not every variant will have all of these.

Here is an example of files that could be present on an infected device:

  • starter.bat
  • scan.bat
  • ip.bat
  • hacker.bat
  • Xecuter.bat
  • regkeyadd.REG, etc.

All these files are copied to Windows/System32 folder, where they begin to replicate and infect other files and folders located on the host machine.

The main goal of cybercriminals behind this strain is to steal sensitive information related to a computer user or corporate entity. BAT.Boohoo.Worm is capable of logging keystrokes and stealing passwords on the infected device or network. Hence, the damage can be significant.

Malware removal steps

In order to remove this parasite, you should perform a full system scan with a reliable anti-malware software – we recommend using SpyHunter 5Combo Cleaner or Malwarebytes. Do not forget to update security app to the latest version before performing this step. Also, due to severe level of compromise, you might not be able to use antivirus. In such case, access Safe Mode with networking as explained below and perform a full system scan from there.

Worm malware can infect various system and application files on the host computer, which might completely corrupt necessary files. As a result, programs might start crashing or Windows malfunctioning. If you have to deal with such problems, reinstall the operating system or use FortectIntego to fix damaged system files automatically.

do it now!
Fortect Happiness
Intego Happiness
Compatible with Microsoft Windows Compatible with macOS
What to do if failed?
If you failed to fix virus damage using Fortect Intego, submit a question to our support team and provide as much details as possible.
Fortect Intego has a free limited scanner. Fortect Intego offers more through scan when you purchase its full version. When free scanner detects issues, you can fix them using free manual repairs or you can decide to purchase the full version in order to fix them automatically.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Fortect, try running SpyHunter 5.
Alternative Software
Different software has a different purpose. If you didn’t succeed in fixing corrupted files with Intego, try running Combo Cleaner.

How to prevent from getting worms

Access your website securely from any location

When you work on the domain, site, blog, or different project that requires constant management, content creation, or coding, you may need to connect to the server and content management service more often. The best solution for creating a tighter network could be a dedicated/fixed IP address.

If you make your IP address static and set to your device, you can connect to the CMS from any location and do not create any additional issues for the server or network manager that needs to monitor connections and activities. VPN software providers like Private Internet Access can help you with such settings and offer the option to control the online reputation and manage projects easily from any part of the world.


Recover files after data-affecting malware attacks

While much of the data can be accidentally deleted due to various reasons, malware is one of the main culprits that can cause loss of pictures, documents, videos, and other important files. More serious malware infections lead to significant data loss when your documents, system files, and images get encrypted. In particular, ransomware is is a type of malware that focuses on such functions, so your files become useless without an ability to access them.

Even though there is little to no possibility to recover after file-locking threats, some applications have features for data recovery in the system. In some cases, Data Recovery Pro can also help to recover at least some portion of your data after data-locking virus infection or general cyber infection. 


About the author
Ugnius Kiguolis
Ugnius Kiguolis - The mastermind

If this free guide helped you and you are satisfied with our service, please consider making a donation to keep this service alive. Even a smallest amount will be appreciated.

Contact Ugnius Kiguolis
About the company Esolutions