Avira Virus Lab

‹ Back

Worm/Autorun.TO.4

Summary
  • Name
    Worm/Autorun.TO.4
  • Date discovered
    Jan 13, 2012
  • VDF version
    7.11.21.10 (2012-01-13 08:52)
Description

The term 'WORM' denotes a worm that is able to spread itself, for instance, over the Internet (using email, peer-to-peer networks, or IRC networks, etc.).

This piece of malware is able to steal sensitive information.

  • VDF
    7.11.21.10 (2012-01-13 08:52)
  • Files
    The following copies of itself are created:
    • %SYSDIR%\windotnetsrv.exe
  • Registry
    The following registry entries are added:
    • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "windll" = "%SYSDIR%\windotnetsrv.exe"
  • Aliases
    ESET: Win32/AutoRun.VB.JN worm
    Microsoft: Worm:Win32/Autorun.TO
    Kaspersky Lab: Trojan.Win32.Agent2.clsf
    G Data: Trojan.GenericKDZ.13779
    Avast: Win32:AutoRun-COB
    Dr. Web: Worm.Siggen.11527