Avira Virus Lab


  • Name
  • Date discovered
    Oct 8, 2015
  • Type
  • Impact
  • Reported Infections
  • Operating System
  • VDF version (2008-06-13 15:18)

Stay safe from all these threats with Avira Free Antivirus.

Avira Free Antivirus Download Free

The term 'TR' denotes a trojan horse that is able to spy out data, violate your privacy, or perform unwanted modifications to the system.

  • VDF (2008-06-13 15:18)
  • Aliases
    Avast: Win32:Virtu-C
    AVG: Autoit.DB
    ClamAV: Trojan.Siggen-7
    Dr. Web: Win32.Virut.5
    F-PROT: W32/Virut.AJ
    Trend Micro: PE_VIRUX.J-1
    Microsoft: Trojan:Win32/Dorv.A
    G Data: Win32.Virtob.X
    Kaspersky Lab: Worm.Win32.AutoRun.dtbv
    Bitdefender: Win32.Virtob.X
    ESET: Win32/Autoit.DB worm
  • Files
    The following files are deleted:
    • %TEMPDIR%\aut4E.tmp
    The following files are created:
    • %TEMPDIR%\aut4E.tmp
    • %WINDIR%\Tasks\At1.job
    • %SYSDIR%\setup.ini
    • %SYSDIR%\setting.ini
    The following copies of itself are created:
    • %SYSDIR%\regsvr.exe
    • %WINDIR%\regsvr.exe
    • %SYSDIR%\svchost .exe
    The following files are changed:
    • %SYSDIR%\cmd.exe
    • %temporary internet files%\Content.IE5\index.dat
    • %USERPROFILE%\Cookies\index.dat
    • %USERPROFILE%\Local Settings\History\History.IE5\index.dat
    • %WINDIR%\Prefetch\CMD.EXE-087B4001.pf
    • %temporary internet files%\Content.IE5\index.dat
    • %USERPROFILE%\Cookies\index.dat
    • %USERPROFILE%\Local Settings\History\History.IE5\index.dat
    • %PROGRAM FILES%\Java\jre7\bin\javaw.exe
  • Injections
    • \??\%SYSDIR%\winlogon.exe
    • %SYSDIR%\services.exe
    • %SYSDIR%\lsass.exe
    • %SYSDIR%\svchost.exe
    • %WINDIR%\System32\svchost.exe
    • %WINDIR%\Explorer.EXE
    • %SYSDIR%\spoolsv.exe
    • %WINDIR%\System32\alg.exe
    • %SYSDIR%\wscntfy.exe
    • %PROGRAM FILES%\Java\jre7\bin\jqs.exe
    • %PROGRAM FILES%\WinPcap\rpcapd.exe
  • Registry
    The following registry entries are changed:
    • HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\SFC ("ProgramFilesDir": "%PROGRAM FILES%"; "CommonFilesDir": "%PROGRAM FILES%\Common Files")
    The following registry entries are added:
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run ("Msn Messsenger": "%SYSDIR%\regsvr.exe")
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer ("NofolderOptions": dword:00000000)
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System ("DisableTaskMgr": dword:00000000; "DisableRegistryTools": dword:00000001)
    • HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections ("SavedLegacySettings": %hex values%)
    • HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings ("ProxyEnable": dword:00000000)
    • HKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings ("ProxyEnable": dword:00000000)
    • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares ("shared": "\New Folder .exe")

Help make the web safer by sending us suspicious files/URLs to analyze

Submit your file/URL or Go to support.avira.com

Why submit a suspicious file?

If you encountered a suspicious file or website that’s not in our database, we’ll analyze it and determine whether it’s harmful. Our findings are then pushed out to our millions of users with their next virus database update. If you have Avira, you’ll get that update too. Don’t have Avira? Get it on our homepage.