Avira Virus Lab

‹ Back


  • Name
  • Date discovered
    Jan 13, 2012
  • VDF version (2012-01-13 08:52)

The term 'WORM' denotes a worm that is able to spread itself, for instance, over the Internet (using email, peer-to-peer networks, or IRC networks, etc.).

This piece of malware is able to steal sensitive information.

  • VDF (2012-01-13 08:52)
  • Files
    The following copies of itself are created:
    • %SYSDIR%\windotnetsrv.exe
  • Registry
    The following registry entries are added:
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "windll" = "%SYSDIR%\windotnetsrv.exe"
  • Aliases
    ESET: Win32/AutoRun.VB.JN worm
    Microsoft: Worm:Win32/Autorun.TO
    Kaspersky Lab: Trojan.Win32.Agent2.clsf
    G Data: Trojan.GenericKDZ.13779
    Avast: Win32:AutoRun-COB
    Dr. Web: Worm.Siggen.11527