W32/Autorun-BAW

Category: Viruses and Spyware Protection available since:21 Mar 2010 00:29:46 (GMT)
Type: Win32 worm Last Updated:21 Mar 2010 00:29:46 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/Autorun-BAW is a worm for the Windows platform.

W32/Autorun-BAW includes functionality to:

- run automatically
- access the internet and communicate with a remote server via HTTP

W32/Autorun-BAW communicates via HTTP with the following locations:

yahooui0 . com


When W32/Autorun-BAW is installed the following files are created:

<Temp>\cvasds0.dll
<Temp>\herss.exe
<Root>\autorun.inf
<Root>\ji83j.exe

The following registry entry is set:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden
SHOWALL
CheckedValue

Registry entries are created under:

HKCR\CLSID
HKLM\SOFTWARE\Microsoft\DownloadManager

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy