W32/Autorun-WD

Category:	Viruses and Spyware	Protection available since:	30 Jan 2009 03:02:38 (GMT)
Type:	Win32 worm	Last Updated:	30 Jan 2009 03:02:38 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/Autorun-WD creates the file autoinf.ini which is detected as W32/Autorun-VA.

W32/Autorun-WS copies itself to
<System>\macfee_.exe
<Windows>\macfee_.exe

W32/Autorn-WS creates a scheduled task called at1 to run itself.

W32/Autorun-WS creates the registry value
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Yahoo Messengger
<System>\macfee_.exe

W32/Autorun-WS sets the following registry values:

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NofolderOptions
0x00000001

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr
0x00000001

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools
0x00000001

W32/Autorun-WD changes the following registry entries affecting the Internet Explorer:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main
Default_Page_URL

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main
Default_Search_URL

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main
Search Page

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main
Start Page

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
GlobalUserOffline
0x00000000

Try Sophos products for free
Download now

W32/Autorun-WD

Free Mac Anti-Virus

Popular topics