W32/Autoit-K

Category: Viruses and Spyware
Protection available since: 11 Jun 2008 07:31:39 (GMT)
Type: Win32 worm
Last Updated: 11 Jun 2008 07:31:39 (GMT)
Prevalence: Small Number of Reports


W32/Autoit-K exhibits the following characteristics:

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\regsvr.exe
  • C:\WINDOWS\system32\regsvr.exe
  • C:\WINDOWS\system32\svchost .exe
  • F:/New Folder .exe
  • F:/regsvr.exe
Dropped Files
  • C:\WINDOWS\system32\setup.ini
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    NofolderOptions
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares
    shared
    \New Folder .exe
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
    DisableTaskMgr
    0x00000000
  • HKLM\SYSTEM\CurrentControlSet\Services\Schedule
    AtTaskMaxHours
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    GlobalUserOffline
    0x00000000
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Msn Messsenger
    C:\WINDOWS\system32\regsvr.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell
    Explorer.exe regsvr.exe
Processes Created
  • c:\windows\system32\at.exe
  • c:\windows\system32\cmd.exe
HTTP Requests
  • http://www.yahoo.com/setting.doc
  • http://www.yahoo.com/setting.xls
  • http://yahoo.com/setting.doc
  • http://yahoo.com/setting.xls
DNS Requests
  • www.yahoo.com
  • yahoo.com
