15 articles Worm

A computer worm is a type of malware that spreads across a network environment by exploiting several software vulnerabilities. It normally infects hard drives and removable storage media.

Remove VirTool:INF/Autorun.gen!F

VirTool:INF/Autorun.gen!F is a broad detection for a maliciously created autorun.inf file linked to malware. It often comes with an executable file that it calls whenever the user accesses the infected drive. Not all autorun.inf files are malicious; programs and discs use the file to automate the running of legitimate software. This function…

W32/Autorun.worm!ju

W32/Autorun.worm!ju may also perform the following payloads:

It will modify Windows Registry and add the following entries:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\] "Explorador" = "%WINDIR%\Hyden.dll.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\] "matriz" = "explorer.exe Twain32.dll.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Session Manager\KnownDLLs\] "Hyden" = "Hyden.dll.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs\] "Hyden" = "Hyden.dll.exe"

[%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)]

The threat will drop the following malicious files:

%WINDIR%\system32\Explores.exe
%WINDIR%\system32\Hyden.dll.exe
%WINDIR%\system32\Twain32.dll.exe…

Remove W32.Spybot.AVEO

W32.Spybot.AVEO also performs the following payloads:

It will modify Windows Registry and add the following entries:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"Windows Firewall Updater" = "windowsupdate.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\"Windows Firewall Updater" = "windowsupdate.exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\"EnableRemoteConnect" = "N"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT1.0\Server\"Enabled" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\"AutoShareWks" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters\"AutoShareServer" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\WINDOWS\system32\"windowsupdate.exe" = "C:\WINDOWS\system32\windowsupdate.exe:*:Enabled:Windows Firewall Updater"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"AllowUnqualifiedQuery" = "0"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"PrioritizeRecordData" = "1"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"TCP1320Opts" = "3"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\"KeepAliveTime" = "23280"…