Mal/Autorun-R

Category: Viruses and Spyware
Protection available since: 07 Sep 2010 23:09:09 (GMT)
Type: Malicious behavior
Last Updated: 07 Sep 2010 23:09:09 (GMT)
Prevalence: Small Number of Reports

Examples of Mal/Autorun-R include:

Example 1

File Information

Size: 268K
SHA-1: 0979f6f0dc0b8dcc6c9d7240ee7cb85dec2ecef7
MD5: db03dcfe947cc85de4e053e929f669b3
CRC-32: 74e30eed
File type: application/x-ms-dos-executable
First seen: 2010-08-17

Other vendor detection

Avira: TR/Spy.Gen
Kaspersky: Trojan.Win32.Cosmu.ist

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Start Menu\Programs\Startup\csrss.exe
  • C:\WINDOWS\smss.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\smss.exe
Modified Files
  • C:\RECYCLER
    • Set the system flag
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Csrss
    c:\RECYCLER\smss.exe
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    smss
    c:\RECYCLER\smss.exe
Processes Created
  • c:\windows\explorer.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\reg.exe

Example 2

File Information

Size: 240K
SHA-1: cf291748a1e09943a43acffb28348bcf00acf2b1
MD5: c11c9400855ef9f696f64d7e2a4318cf
CRC-32: 06e741d0
File type: application/x-ms-dos-executable
First seen: 2010-08-25

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\All Users\Start Menu\Programs\Startup\csrss.exe
  • C:\New Folder (2).exe
  • C:\PLAY_XxX.exe
  • C:\WINDOWS\smss.exe
  • c:\Documents and Settings\test user\Local Settings\Temp\smss.exe
Dropped Files
  • C:\autorun.INF
Modified Files
  • C:\RECYCLER
    • Set the system flag
Registry Keys Created
  • HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    smss
    c:\RECYCLER\smss.exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Csrss
    c:\RECYCLER\smss.exe
Processes Created
  • c:\windows\explorer.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\reg.exe

Example 3

File Information

Size: 240K
SHA-1: 0585a6386798517a75ff845aed9334cb96b8e26a
MD5: 38a3eb9f5665f42364db8f0857fb7f23
CRC-32: dc20553a
File type: application/x-ms-dos-executable
First seen: 2011-01-03
