W32/AutoRun-BBP

Category: Viruses and Spyware
Protection available since: 16 Apr 2010 06:20:57 (GMT)
Type: Win32 worm
Last Updated: 16 Apr 2010 06:20:57 (GMT)
Prevalence: Small Number of Reports

W32/AutoRun-BBP is a worm for the Windows platform that spreads via removable shared drives.

W32/AutoRun-BBP includes functionality to create files in the <System> folder.

When first run, W32/AutoRun-BBP copies itself to:

<Windows>\system\AdobeFPT.exe
<System>\AdobeFP.exe
<System>\CarbIDE_C\26!14.exe
<System>\Win32DLL\Python.EXE

and creates the following files:

<System>\bftowdthunk.dll - can be removed
<System>\BlueBearX.ocx - can be removed
<System>\CodeWarrior_Symbian.VBS - can be removed
<System>\SYSINFO.ocx - can be removed

The following registry entry is created to run AdobeFP.exe on startup:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Adobe Flash Player
<System>\AdobeFP.exe

The following registry entry is changed to run 26!14.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
Explorer.exe <System>\CarbIDE_C\26!14.exe

The files BlueBearX.ocx and SYSINFO.ocx are registered as COM objects, creating registry entries under:

HKCR\BluetoothFrameworkX.BFAPIInfoX
HKCR\BluetoothFrameworkX.BFAuthenticatorX
HKCR\BluetoothFrameworkX.BFBluetoothAudioX
HKCR\BluetoothFrameworkX.BFBluetoothCOMPortCreatorX
HKCR\BluetoothFrameworkX.BFBluetoothDiscoveryX
HKCR\BluetoothFrameworkX.BFBluetoothMassSenderX
HKCR\BluetoothFrameworkX.BFByteArrayX
HKCR\BluetoothFrameworkX.BFChargeX
HKCR\BluetoothFrameworkX.BFClientX
HKCR\BluetoothFrameworkX.BFFileTransferClientX
HKCR\BluetoothFrameworkX.BFGSMModemClientX
HKCR\BluetoothFrameworkX.BFIrDADiscoveryX
HKCR\BluetoothFrameworkX.BFObjectPushClientX
HKCR\BluetoothFrameworkX.BFObjectPushServerX
HKCR\BluetoothFrameworkX.BFPhoneBookClientX
HKCR\BluetoothFrameworkX.BFSerialEventsClientX
HKCR\BluetoothFrameworkX.BFSerialPortClientX
HKCR\BluetoothFrameworkX.BFServerX
HKCR\BluetoothFrameworkX.BFSignalX
HKCR\BluetoothFrameworkX.BFSyncClientX
HKCR\BluetoothFrameworkX.BFvCardsX
HKCR\BluetoothFrameworkX.BFvCardX
HKCR\SYSINFO.SysInfo
HKCR\SYSINFO.SysInfo.1

Registry entries are set as follows:

HKLM\SOFTWARE\Policies\Microsoft\Windows\Task Scheduler5.0
Property Pages
0x00000001

HKLM\SOFTWARE\Policies\Microsoft\Windows\Task Scheduler5.0
Task Deletion
0x00000001

HKLM\SOFTWARE\Policies\Microsoft\Windows\Task Scheduler5.0
Execution
0x00000001

HKLM\SOFTWARE\Policies\Microsoft\Windows\Task Scheduler5.0
DragAndDrop
0x00000001

HKLM\SOFTWARE\Policies\Microsoft\Windows\Task Scheduler5.0
Allow Browse
0x00000001

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
CheckedValue
0x00000000

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ShowSuperHidden
0x00000000

Registry entries are created under:

HKCU\Software\Microsoft\Windows Script Host\Settings
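
A host check built from the file and registry indicators listed above, as an added example that is not part of the original Sophos description. It assumes <Windows> maps to %SystemRoot% and <System> to System32 (SysWOW64 is also checked), and it reports the files marked "can be removed" as supporting evidence only.

```powershell
# Added example: host check for the W32/AutoRun-BBP artifacts described on this page.
# Assumption: <Windows> = %SystemRoot%; <System> = System32. SysWOW64 is also checked
# because 32-bit writes to System32 are redirected there on 64-bit Windows.
$win      = $env:SystemRoot
$sysDirs  = 'System32', 'SysWOW64' | ForEach-Object { Join-Path $win $_ }
$findings = @()

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    (Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

# 1. Worm copies (strong signal) and dropped helper files (supporting evidence only)
$copies  = 'AdobeFP.exe', 'CarbIDE_C\26!14.exe', 'Win32DLL\Python.EXE'
$helpers = 'bftowdthunk.dll', 'BlueBearX.ocx', 'CodeWarrior_Symbian.VBS', 'SYSINFO.ocx'
$legacy  = Join-Path $win 'system\AdobeFPT.exe'
if (Test-Path -LiteralPath $legacy) { $findings += "Worm copy: $legacy" }
foreach ($dir in $sysDirs) {
    foreach ($f in $copies)  { $p = Join-Path $dir $f; if (Test-Path -LiteralPath $p) { $findings += "Worm copy: $p" } }
    foreach ($f in $helpers) { $p = Join-Path $dir $f; if (Test-Path -LiteralPath $p) { $findings += "Helper file: $p" } }
}

# 2. Run key entry named "Adobe Flash Player" that points at AdobeFP.exe
$run = Get-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' 'Adobe Flash Player'
if ($run -like '*\AdobeFP.exe*') { $findings += "Run key: $run" }

# 3. Winlogon Shell: the default data is just "explorer.exe"; anything appended also starts at logon
$shell = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' 'Shell'
if ($shell -and $shell.Trim() -ne 'explorer.exe') { $findings += "Winlogon Shell modified: $shell" }

# 4. "Show hidden files" option disabled (CheckedValue is 1 by default).
#    ShowSuperHidden = 0 is not checked: it matches the Windows default.
$showAll = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL'
if ((Get-RegValue $showAll 'CheckedValue') -eq 0) { $findings += 'SHOWALL CheckedValue = 0' }

# 5. Task Scheduler UI restrictions (can also come from legitimate Group Policy)
$ts = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Task Scheduler5.0'
foreach ($n in 'Property Pages', 'Task Deletion', 'Execution', 'DragAndDrop', 'Allow Browse') {
    if ((Get-RegValue $ts $n) -eq 1) { $findings += "Task Scheduler policy '$n' = 1" }
}

if ($findings) { $findings } else { 'No W32/AutoRun-BBP artifacts found.' }
```

A modified Winlogon Shell value or a worm copy is enough to treat the host as infected; the policy and hidden-file settings on their own only warrant a closer look.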