W32/AutoRun-GP

Category: Viruses and Spyware Protection available since:23 Jul 2008 05:38:43 (GMT)
Type: Win32 worm Last Updated:23 Jul 2008 05:38:43 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/AutoRun-GP is a worm for the Windows platform. When run W32/AutoRun-GP creates the following files:

<Temp>\TunerSetup\svchost.exe - detected as W32/AutoRun-GP
<Temp>\TunerSetup\drives.dat - can be safely removed
<Temp>\TunerSetup\Icon.ico - can be safely removed
<Temp>\TunerSetup\paths.dat - can be safely removed
C:\Config\svchost.exe - detected as W32/AutoRun-GP
C:\Config\drives.dat - can be safely removed
C:\Config\Icon.ico - can be safely removed
C:\Config\paths.dat - can be safely removed
<Start Menu>\Programs\Startup\<no name>.lnk - can be safely removed

The following registry entries are set:

HKCU\Software\Microsoft\Internet Explorer\Main
Start Page
<domain name>

HKCU\Software\Microsoft\Internet Explorer\Main
Window Title
G.O.D Saikoboy's Internet Explorer

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoFolderOptions
1

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools
1

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr
1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
installed
present2

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
winlogon
C:\CONFIG\svchost.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
CheckedValue
0

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy