W32/Autorun.worm.h

June 10, 2014December 8, 2009 by Robert La Nguyen

W32/Autorun.worm.h will also perform the following tasks:

It will modify Windows Registry and add the following entries:

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Current Version\Explorer\{35106240-D2F0-DB35-716E-127EB80A0299}
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Current Version\Explorer\{43BF8CD1-C5D5-2230-7BB2-98F22C2B7DC6}

W32/Autorun.worm.h�will drop the following malicious files and folder:

%SystemDrive%\Diskrun.exe
%WINDIR%\system32\lowsec\local.ds
%WINDIR%\system32\lowsec\user.ds
%WINDIR%\system32\lowsec\user.ds.lll
%WINDIR%\System32\sdra64.exe
%SystemDrive%\Autorun.inf
%WINDIR%\system32\lowsec

Robert La Nguyen

Robert is a highly motivated writer with 3+ years of experience writing for ransomware, malware, adware, PUPs, and other cybersecurity-related issues. As a writer, he strives to create content that is based on thorough technical research.

Leave a Comment Cancel reply