¿Necesita ayuda? Pregunte a la comunidad o contrate a un experto.
Ir a Avira Answers
Virus:WORM/Autorun.qfe
Date discovered:30/06/2010
Type:Worm
In the wild:Yes
Reported Infections:Low
Distribution Potential:Low to medium
Damage Potential:Low to medium
Static file:Yes
File size:262.144 Bytes
MD5 checksum:a477ca82726e9998a5914cff90783f57
VDF version:7.10.03.202
IVDF version:7.10.08.233 - Wednesday, June 30, 2010

 General Method of propagation:
   • No own spreading routine


Aliases:
   •  Symantec: W32.SillyFDC
   •  Mcafee: W32/Autorun.worm.bx
   •  Kaspersky: Worm.Win32.AutoRun.bqpq
   •  Sophos: Mal/Emogen-Y


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
    Windows Vista
    Windows 7


Side effects:
   • Drops files
   • Registry modification
   • Steals information

 Files It copies itself to the following location:
   • %PROGRAM FILES%\Common Files\svchost.exe



The following files are created:

%tempdir%\xx%number% This is a non malicious text file with the following content:
   • Retrieved system specific informations.

%PROGRAM FILES%\Common Files\log\%computer name%\%current time%.cab.bak
%WINDIR%\drive.ini
%WINDIR%\log\%current time%.cab

 Registry The following registry keys are added:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
   Folder\Hidden\SHOWALL]
   • "CheckedValue"="dword:00000001"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\
   Folder\HideFileExt]
   • "UncheckedValue"="dword:00000000"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   • "Userinit"="%SYSDIR%\userinit.exe,%PROGRAM FILES%\Common Files\svchost.exe -s"

 Backdoor Sends information about:
     CPU speed
    • CPU type
     Hardware
     IP address
     MAC address
     Information about the network
     Platform ID
     System directory
     System time
     Windows directory
     Information about the Windows operating system

 Miscellaneous Trusted file pretending:
Its process pretends to be the following trusted process: svchost.exe

 File details Programming language:
The malware program was written in MS Visual C++.

Descripción insertada por Andrei Ilie el miércoles 16 de febrero de 2011
Descripción actualizada por Andrei Ilie el viernes 18 de febrero de 2011

Volver . . . .
https:// Esta ventana está cifrada para su seguridad.