high
Summary
Summary
Action- More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Characteristics |
|
| Included in our products from | September 2008 (4.33) |
| Protection available since | 23 July 2008 07:00:01 (GMT) |
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please follow the instructions for removing worms.
More Information
W32/AutoRun-GP is a worm for the Windows platform. When run W32/AutoRun-GP creates the following files:
<Temp>\TunerSetup\svchost.exe - detected as W32/AutoRun-GP
<Temp>\TunerSetup\drives.dat - can be safely removed
<Temp>\TunerSetup\Icon.ico - can be safely removed
<Temp>\TunerSetup\paths.dat - can be safely removed
C:\Config\svchost.exe - detected as W32/AutoRun-GP
C:\Config\drives.dat - can be safely removed
C:\Config\Icon.ico - can be safely removed
C:\Config\paths.dat - can be safely removed
<Start Menu>\Programs\Startup\<no name>.lnk - can be safely removed
The following registry entries are set:
HKCU\Software\Microsoft\Internet Explorer\Main
Start Page
<domain name>
HKCU\Software\Microsoft\Internet Explorer\Main
Window Title
G.O.D Saikoboy's Internet Explorer
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoFolderOptions
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr
1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
installed
present2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
winlogon
C:\CONFIG\svchost.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
CheckedValue
0
|
