W32/Tiotua-CO is a worm for the Windows platform.
When the worm is installed, the following files are created:
<Program Files>\avupdate.exe
<Root>\av.sys
The following registry entry is created to run avupdate.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    Anti-Virus Update = <Program Files>\avupdate.exe
Registry entries are set as follows:
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings
    GlobalUserOffline = 0x00000000
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
    CheckedValue = 0x00000000
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
    HideFileExt = 0x00000001
Registry entries are created under:
HKCU\Software\Microsoft\C0d3R
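A host check for the indicators listed above, as an added PowerShell example that is not part of the original description. It assumes <Program Files> maps to $env:ProgramFiles and <Root> to the root of the system drive; the function name Get-TiotuaIndicator is hypothetical.

```powershell
# Added example: report which W32/Tiotua-CO indicators from this page exist on the host.
# Assumptions: <Program Files> = $env:ProgramFiles, <Root> = root of the system drive.
# HKCU checks only cover the user account running the script.
function Get-TiotuaIndicator {
    # Dropped files (Test-Path also sees hidden and system files).
    $paths = @(
        (Join-Path $env:ProgramFiles 'avupdate.exe'),
        "$env:SystemDrive\av.sys"
    )
    foreach ($path in $paths) {
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            [pscustomobject]@{ Type = 'File'; Indicator = $path; Strength = 'Strong' }
        }
    }

    # Registry values. The three settings changes can also be present on a clean
    # host (HideFileExt = 1 is the Windows default), so they are reported as Weak.
    $values = @(
        @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
           Name = 'Anti-Virus Update'; Like = '*\avupdate.exe*'; Strength = 'Strong' }
        @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
           Name = 'GlobalUserOffline'; Like = '0'; Strength = 'Weak' }
        @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
           Name = 'CheckedValue'; Like = '0'; Strength = 'Weak' }
        @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
           Name = 'HideFileExt'; Like = '1'; Strength = 'Weak' }
    )
    foreach ($v in $values) {
        $prop = Get-ItemProperty -LiteralPath $v.Key -Name $v.Name -ErrorAction SilentlyContinue
        if ($null -ne $prop -and "$($prop.($v.Name))" -like $v.Like) {
            [pscustomobject]@{
                Type      = 'RegistryValue'
                Indicator = "$($v.Key)\$($v.Name) = $($prop.($v.Name))"
                Strength  = $v.Strength
            }
        }
    }

    # Key the worm creates entries under.
    $key = 'HKCU:\Software\Microsoft\C0d3R'
    if (Test-Path -LiteralPath $key) {
        [pscustomobject]@{ Type = 'RegistryKey'; Indicator = $key; Strength = 'Strong' }
    }
}

Get-TiotuaIndicator | Format-Table -AutoSize
```

On 64-bit Windows, file and registry access by a 32-bit process is redirected to Program Files (x86) and WOW6432Node, which this check does not cover.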