Virus:Worm/Autorun.sxa
Date discovered:21/09/2009
Type:Worm
In the wild:Yes
Reported Infections:Low
Distribution Potential:Low
Damage Potential:Low
Static file:Yes
File size:37.561 Bytes
MD5 checksum:e9c17ea72df329e7a8e46f13d2eeb00C
IVDF version:7.01.06.18 - Monday, September 21, 2009

 General Methods of propagation:
• Autorun feature
   • Mapped network drives


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Access to floppy disk
   • Records keystrokes
   • Registry modification
   • Steals information

 Files It copies itself to the following locations:
   • C:\Documents and Settings\makrorechner\Local Settings\Application Data\scvhost.exe
   • c:\Sys.exe



The following file is created:

– c:\autorun.inf This is a non malicious text file with the following content:
   • [autorun]
     open=Sys.exe

 Registry One of the following values is added in order to run the process after reboot:

–  [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
   • "Windows Generic Host Process"="C:\\Documents and Settings\\All Users\\Application Data\\scvhost.exe"

 Stealing – It captures:
    • Keystrokes

Description inserted by Alexander Neth on Tuesday, September 22, 2009
Description updated by Alexander Neth on Tuesday, September 22, 2009

Back . . . .