W32/Tiotua-AP

Category: Viruses and Spyware
Protection available since: 30 Mar 2009 11:14:10 (GMT)
Type: Win32 worm
Last Updated: 30 Mar 2009 11:14:10 (GMT)
Prevalence: Small Number of Reports

W32/Tiotua-AP exhibits the following characteristics:

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\compmgmt.exe
  • C:\WINDOWS\system32\debug_32.exe
Dropped Files
  • C:\WINDOWS\Tasks\At1.job
    Size: 310
    SHA-1: 5dfa48d4a0448704a8cd841176a5897d46149f20
    MD5: a6a59372fe10747512869811d46c17b0
    CRC-32: 8c811e40
    File type: application/data
    First seen: 2011-03-29
Registry Keys Created
  • HKLM\SYSTEM\CurrentControlSet\Services\Schedule
    AtTaskMaxHours = 0x00000048
Registry Keys Modified
  • HKLM\SYSTEM\CurrentControlSet\Services\Schedule
    NextAtJobId = 0x00000002
Processes Created
  • c:\windows\system32\at.exe
  • c:\windows\system32\cmd.exe
  • c:\windows\system32\net.exe
  • c:\windows\system32\net1.exe
