W32/Autorun-BVZ

Category: Viruses and Spyware
Protection available since: 10 Apr 2012 15:52:16 (GMT)
Type: Win32 worm
Last Updated: 10 Apr 2012 15:52:16 (GMT)
Prevalence: Small Number of Reports

Examples of W32/Autorun-BVZ include:

Example 1

File Information

Size: 268K
SHA-1: 2a831fe9dd3e70c4a2175f2925bf4a0d9b649668
MD5: 8b31c82d0b57edc2bcb1ba6e106ee182
CRC-32: ffc40e86
File type: application/x-ms-dos-executable
First seen: 2012-04-10

Example 2

File Information

Size: 130K
SHA-1: 83584d70551f393cef5505fd53d166b248de4270
MD5: 57c38372060bea85e97ff970c850ea37
CRC-32: 229025da
File type: application/x-ms-dos-executable
First seen: 2011-09-01

Other vendor detection

Kaspersky: Worm.Win32.VB.awm

Runtime Analysis

Copies Itself To
  • C:\WINDOWS\acroread.exe
  • C:\usbdrv.exe
Dropped Files
  • C:\WINDOWS\system32\vb6stkit.dll
  • C:\sys.inf
  • c:\Documents and Settings\test user\Local Settings\Temp\~DFEC4C.tmp
  • c:\Documents and Settings\test user\Application Data\directx.exe
  • C:\autorun.inf
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Adobe Reader
    C:\WINDOWS\acroread.exe