Virus: WORM/Autorun.qfe
Date discovered: 30/06/2010
Type: Worm
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low to medium
Damage Potential: Low to medium
Static file: Yes
File size: 262.144 Bytes
MD5 checksum: a477ca82726e9998a5914cff90783f57
VDF version: 7.10.03.202
IVDF version: 7.10.08.233 - Wednesday, June 30, 2010

General
Method of propagation:
   • No own spreading routine


Aliases:
   •  Symantec: W32.SillyFDC
   •  Mcafee: W32/Autorun.worm.bx
   •  Kaspersky: Worm.Win32.AutoRun.bqpq
   •  Sophos: Mal/Emogen-Y


Platforms / OS:
   • Windows 2000
   • Windows XP
   • Windows 2003
   • Windows Vista
   • Windows 7


Side effects:
   • Drops files
   • Registry modification
   • Steals information

Files
It copies itself to the following location:
   • %PROGRAM FILES%\Common Files\svchost.exe



The following files are created:

%tempdir%\xx%number% This is a non-malicious text file with the following content:
   • Retrieved system-specific information.

%PROGRAM FILES%\Common Files\log\%computer name%\%current time%.cab.bak
%WINDIR%\drive.ini
%WINDIR%\log\%current time%.cab

Registry
The following registry keys are added:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
   • "CheckedValue"="dword:00000001"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\HideFileExt]
   • "UncheckedValue"="dword:00000000"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
   • "Userinit"="%SYSDIR%\userinit.exe,%PROGRAM FILES%\Common Files\svchost.exe -s"

Backdoor
Sends information about:
   • CPU speed
   • CPU type
   • Hardware
   • IP address
   • MAC address
   • Information about the network
   • Platform ID
   • System directory
   • System time
   • Windows directory
   • Information about the Windows operating system

Miscellaneous
Trusted file pretending:
Its process pretends to be the following trusted process: svchost.exe

File details
Programming language:
The malware program was written in MS Visual C++.

Description inserted by Andrei Ilie on Wednesday, February 16, 2011
Description updated by Andrei Ilie on Friday, February 18, 2011
