W32/Autorun-ATC

Category: Viruses and Spyware
Protection available since: 19 Oct 2009 15:22:38 (GMT)
Type: Win32 worm
Last Updated: 19 Oct 2009 15:22:38 (GMT)
Prevalence: Small Number of Reports


W32/Autorun-ATC is a worm for the Windows platform.

When W32/Autorun-ATC is run, it creates the file <Windows>\raidhost.exe.

W32/Autorun-ATC creates an autorun.inf file on removable devices.
The autorun.inf file has the hidden attribute set.

The following registry entry is created to run raidhost.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
raidhost
raidhost.exe

The following registry entries are set, affecting internet security:

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\<Root>\nv
raidhost.exe
<Current Folder>\raidhost.exe:*:Enabled:Windows Messanger

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\<Root>\WINDOWS
raidhost.exe
<Windows>\raidhost.exe:*:Enabled:Windows Messanger

HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
DoNotAllowExceptions
0x00000000
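
The check below is an added example, not part of the original description or any vendor tool: it scans a registry snapshot for the Run entry and firewall exceptions listed above. The snapshot layout (key, value name, data tuples), the function names and the sample paths are assumptions made for illustration.

```python
import ntpath

WORM_IMAGE = "raidhost.exe"  # file name given in the description above

def parse_fw_entry(data):
    """Parse '<path>:<scope>:<Enabled|Disabled>:<display name>'.
    The path holds a drive-letter colon, so split from the right.
    Assumes scope and display name contain no colons."""
    parts = data.rsplit(":", 3)
    if len(parts) != 4:
        return None  # not in the expected format
    path, scope, state, name = parts
    return {"path": path, "scope": scope,
            "enabled": state.lower() == "enabled", "name": name}

def find_indicators(snapshot):
    """snapshot: iterable of (key, value_name, data) tuples.
    Returns a list of human-readable findings."""
    findings, exceptions_allowed = [], False
    for key, name, data in snapshot:
        k = key.lower()
        if k.endswith(r"\currentversion\run"):
            if ntpath.basename(str(data)).lower() == WORM_IMAGE:
                findings.append(f"Run entry '{name}' starts {data}")
        elif r"\authorizedapplications\list" in k:
            entry = parse_fw_entry(str(data))
            if (entry and entry["enabled"]
                    and ntpath.basename(entry["path"]).lower() == WORM_IMAGE):
                findings.append(f"Firewall exception for {entry['path']} "
                                f"(scope {entry['scope']}, shown as '{entry['name']}')")
        elif k.endswith(r"\standardprofile") and name == "DoNotAllowExceptions":
            exceptions_allowed = (data == 0)
    # Reported only as context: 0 on its own is not evidence of infection.
    if findings and exceptions_allowed:
        findings.append("DoNotAllowExceptions is 0, so the exceptions above are honoured")
    return findings

# Constructed sample: <Windows> is replaced with a made-up path; sync.exe is a benign control.
RUN = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
FW = r"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile"
SAMPLE = [
    (RUN, "raidhost", "raidhost.exe"),
    (FW + r"\AuthorizedApplications\List", r"C:\WINDOWS\raidhost.exe",
     r"C:\WINDOWS\raidhost.exe:*:Enabled:Windows Messanger"),
    (FW + r"\AuthorizedApplications\List", r"C:\Tools\sync.exe",
     r"C:\Tools\sync.exe:LocalSubNet:Enabled:Sync"),
    (FW, "DoNotAllowExceptions", 0),
]
```

Calling find_indicators(SAMPLE) returns the Run entry, the raidhost.exe firewall exception and the DoNotAllowExceptions context line, and ignores the unrelated sync.exe exception.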
