W32/Autoinf-AK

Category: Viruses and Spyware
Type: Win32 worm
Protection available since: 19 Apr 2010 12:58:58 (GMT)
Last Updated: 19 Apr 2010 12:58:58 (GMT)
Prevalence: Small Number of Reports


W32/Autoinf-AK is a worm for the Windows platform.
W32/Autoinf-AK includes functionality to:

 - run automatically
 - create batch scripts
 - access the internet and communicate with a remote server via HTTP

W32/Autoinf-AK communicates via HTTP with the following locations:

   acofinder . com

When W32/Autoinf-AK is installed, the following files are created:

<User>\AgzybQ.exe
<User>\tVCMGc.bat
<User>\lucai.exe
<Temp>\geurge.exe

The file AgzybQ.exe is detected as Troj/Backdr-BT.
The file geurge.exe is detected as Troj/Agent-MZY.
The file lucai.exe is detected as Troj/Agent-MZZ.

The following registry entries are created to run luacai.exe and geurge.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ewrgetuj
<Temp>\geurge.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
luacai
<User>\luacai.exe

W32/Autoinf-AK sets the following registry entry, disabling the automatic
startup of the Windows Security Center service:

HKLM\SYSTEM\CurrentControlSet\Services\wscsvc
Start
0x00000004

The following registry entry is set, which makes Windows Explorer hide protected operating system files:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ShowSuperHidden
0x00000000
