Need help? Ask the community or hire an expert.
Go to Avira Answers
Virus:DR.Autoit.XH
Date discovered:11/04/2009
Type:Dropper
In the wild:Yes
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low
Static file:Yes
File size:247656 Bytes
MD5 checksum:862b8fa9bd546e06dac3f0ba8ae86647
VDF version:7.01.02.226

 General Method of propagation:
   • No own spreading routine


Aliases:
   •  Kaspersky: Trojan.Win32.Autoit.xh
   •  Eset: Win32/TrojanDownloader.Autoit.NAR
   •  Bitdefender: Trojan.Generic.1329107


Platforms / OS:
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Downloads a file

 Files It tries to download a file:

– The location is the following:
   • http://**********/multi2/svchosst.exe
It is saved on the local hard drive under: %WINDIR%\system32 Furthermore this file gets executed after it was fully downloaded. Detected as: TR/Dropper.Gen

 Registry It creates the following entry in order to bypass the Windows XP firewall:

– HKLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\
   FirewallPolicy\StandardProfile\AuthorizedApplications\List
   • "%SYSDIR%\svchosst.exe"="%SYSDIR%\svchosst.exe:*:Enabled:Windows Life
      Messenger"

 File details Runtime packer:
In order to aggravate detection and reduce size of the file it is packed with the following runtime packer:
   • UPX

Description inserted by Viktor Graeber on Wednesday, April 29, 2009
Description updated by Viktor Graeber on Wednesday, April 29, 2009

Back . . . .