W32/Autorun.worm!ju

W32/Autorun.worm!ju may also perform the following actions:

It will modify the Windows Registry and add the following entries:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\]
"Explorador" = "%WINDIR%\Hyden.dll.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\]
"matriz" = "explorer.exe Twain32.dll.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\KnownDLLs\]
"Hyden" = "Hyden.dll.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs\]
"Hyden" = "Hyden.dll.exe"

[%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)]

The threat will drop the following malicious files:

%WINDIR%\system32\Explores.exe
%WINDIR%\system32\Hyden.dll.exe
%WINDIR%\system32\Twain32.dll.exe
…

W32.SillyFDC.BDG

When W32.SillyFDC.BDG is present on the computer, it will perform the following tasks:

It will modify the Windows Registry and add the following entries:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Windows Media Player" = "%ProgramFiles%\Windows Media Player\wmplayerc.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\"FirewallDisableNotify" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\"FirewallOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\"UpdatesDisableNotify" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\"AntiVirusDisableNotify" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\"AntiVirusOverride" = "1"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\"EnableLUA" = "0"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows …

W32/Autorun.worm.h

W32/Autorun.worm.h will also perform the following tasks:

It will modify the Windows Registry and add the following entries:

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{35106240-D2F0-DB35-716E-127EB80A0299}
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}

W32/Autorun.worm.h will drop the following malicious files and folder:

%SystemDrive%\Diskrun.exe
%WINDIR%\system32\lowsec\local.ds
%WINDIR%\system32\lowsec\user.ds
%WINDIR%\system32\lowsec\user.ds.lll
%WINDIR%\System32\sdra64.exe
%SystemDrive%\Autorun.inf
%WINDIR%\system32\lowsec

W32.SillyFDC.BBX

What are the Symptoms of W32.SillyFDC.BBX Infection?

It will modify the Windows Registry and add the following entries:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\"Msn Messsenger" = "%System%\regsvr.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"svchost Agent" = "%System%\28463\svchost.exe"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Schedule\"AtTaskMaxHours" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\"%CurrentFolder%\[ORIGINAL THREAT FILE NAME].exe" = "%CurrentFolder%\[ORIGINAL THREAT FILE NAME].exe:*:Enabled:ipsec"

The threat will drop the following malicious files:

%DriveLetter%\New Folder .exe
%DriveLetter%\jxcw.exe
%DriveLetter%\regsvr.exe
%DriveLetter%\autorun.inf
%System%\28463\svchost.001
%System%\28463\svchost.exe
…