Need help? Ask the community or hire an expert.
Go to Avira Answers
Virus:WORM/Autorun.110592.AZ.1
Date discovered:29/08/2010
Type:Worm
In the wild:Yes
Reported Infections:Low
Distribution Potential:Low to medium
Damage Potential:Low to medium
Static file:Yes
File size:110.592 Bytes
MD5 checksum:8d6f4319f1c631e4fb3e78f376df89aa
VDF version:7.10.04.220
IVDF version:7.10.11.44 - Sunday, August 29, 2010

 General Methods of propagation:
    Autorun feature
   • Mapped network drives


Aliases:
   •  Symantec: W32.SillyFDC
   •  Mcafee: W32/Autorun.worm.bx
   •  Kaspersky: Worm.Win32.AutoRun.bnpt
   •  TrendMicro: WORM_AUTORUN.FER
   •  Sophos: Mal/SillyFDC-A


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
    Windows Vista
    Windows 7


Side effects:
   • Drops files
   • Registry modification

 Files It copies itself to the following location:
   • %SYSDIR%\%executed file's name without extension%.exe



It copies the following files:
      %drive%\*.okf into %sysdir%\debug\



It deletes the initially executed copy of itself.



The following file is created:

C:\command.bat
%malware execution directory%\fpco.bat

 Registry The following registry key is added:

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows]
   • "run"="%SYSDIR%\sample.exe"

Description inserted by Andrei Ilie on Wednesday, February 9, 2011
Description updated by Andrei Ilie on Wednesday, February 16, 2011

Back . . . .