W32/Autorun-NG

Category: Viruses and Spyware Protection available since:30 Oct 2008 23:24:24 (GMT)
Type: Win32 worm Last Updated:10 Nov 2008 18:50:29 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/Autorun-NG copies itself to <System>\chrome.exe and <Windows>\chrome.exe.

W32/Autorun-NG schedules itself to run every day at 9:00AM.

W32/Autorun-NG sets the following registry values:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NofolderOptions

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools

W32/Autorun-NG creates the following registry value

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Yahoo Messengger
<System>\chrome.exe

W32/Autorun-NG changes the default page, the default search page and the start page for Internet Explorer.

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy