Overview of worm W32/Autorun-BHO also called W32/Visal-b (MS)

  • N.º del artículo: 112024
  • Actualizado: 03 mar 2011

Sophos detects this threat as W32/Autorun-BHO. For further information, please refer to:

Note the following:

  • The malware may also modify the following Registry key to load the rogue csrss.exe upon Windows startup:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsNT\CurrentVersion\Winlogon\Shell
  • W32/Autorun-BHO attempts to shut down anti-virus services (not Sophos’ services, however) as well as usbguard.exe and cpe17AntiAutoruna.exe and outlook.exe. It also modifies hosts files.
More data about this threat can be found at SANS: http://isc.incidents.org/diary.html?storyid=9529


 
Si necesita más ayuda, póngase en contacto con soporte técnico.

Valore el artículo

Muy malo Excelente

Comentarios