Mal/Autorun-T

Category: Viruses and Spyware Protection available since:07 Sep 2010 23:24:16 (GMT)
Type: Malicious behavior Last Updated:07 Sep 2010 23:24:16 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

Example behaviours of Mal/Autorun-T follow:

Example 1

File Information

Size
171K
SHA-1
fc2fc199233b6d1a328cc460fc245b2351bd310f
MD5
44667838deffe00d2b49ca2f0c379aa8
CRC-32
c06f3956
File type
application/x-ms-dos-executable
First seen
2010-07-23

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\support\Local Settings\Application Data\Start\update.exe
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    Startup
    C:\Documents and Settings\support\Local Settings\Application Data\Start
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
    Startup
    C:\Documents and Settings\support\Local Settings\Application Data\Start
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    WebViewBarricade
    0x00000000

Example 2

Runtime Analysis

Copies Itself To
  • C:\Documents and Settings\support\Local Settings\Application Data\Start\update.exe
Registry Keys Modified
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders
    Startup
    C:\Documents and Settings\support\Local Settings\Application Data\Start
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders
    Startup
    C:\Documents and Settings\support\Local Settings\Application Data\Start
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    WebViewBarricade
    0x00000000

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy