W32/Autorun-CCZ

Category: Viruses and Spyware Protection available since:18 Apr 2014 16:24:17 (GMT)
Type: Win32 worm Last Updated:18 Apr 2014 16:24:17 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/Autorun-CCZ exhibits the following characteristics:

File Information

Size
600K
SHA-1
70a83906da664ed0561b92737f395386ef03b021
MD5
c5b2242e6db394bffe29945da4ac38b9
CRC-32
feea6d3a
File type
Windows executable
First seen
2014-04-18

Other vendor detection

Avira
Worm/Autorun.esf

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\system32\system3_.exe
  • C:\WINDOWS\system3_.exe
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Yahoo Messengger
    C:\WINDOWS\system32\system3_.exe
Registry Keys Modified
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
    Shell
    Explorer.exe system3_.exe

download Try Sophos products for free
Download now