W32/Autorun-EL

Category:	Viruses and Spyware	Protection available since:	17 Aug 2011 19:17:51 (GMT)
Type:	Win32 worm	Last Updated:	17 Aug 2011 19:17:51 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

When run W32/Autorun-EL copies itself to <System>/sys.vbs and also copies itself to all available drives to the file <Root>/sys.vbs and creates an autorun.inf file which will autorun sys.vbs.

W32/Autorun-EL will create or edit the following registry entries:

HKCU\Software\Microsoft\Internet Explorer\Main
Window Title
"Microsoft Internet Explorer"

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoFolderOptions
0

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr
0

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools
0

HKCU\Software\Microsoft\Internet Explorer\Main
Start Page
<Target page>

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
"explorer.exe"

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit
<System>\userinit.exe, <System>\wscript.exe <System>\sys.vbs

Try Sophos products for free
Download now

W32/Autorun-EL

Free Mac Anti-Virus

Popular topics