W32/Autorun-AZC

Category: Viruses and Spyware Protection available since:02 Feb 2010 10:54:17 (GMT)
Type: Win32 worm Last Updated:02 Feb 2010 10:54:17 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/Autorun-AZC is a worm for the Windows platform.

W32/Autorun-AZC includes functionality to:

- run automatically
- create files in the <System> folder
- steal confidential information

When W32/Autorun-AZC is installed the following files are created:

<System>\exp1orer.exe
<System>\fs.msc
<System>\USBController.exe

W32/Autorun-AZC may attempt to spread via removeable drives.

Registry entries are set as follows:

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden
SHOWALL
CheckedValue

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies
Explorer
NoFind

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies
System
DisableTaskMgr

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden
SHOWALL
CheckedValue

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion
Winlogon
Shell

Registry entries are created under:

HKLM\SOFTWARE\Microsoft\F's
HKLM\SOFTWARE\Microsoft

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy