Removed: autorun.inf

January 25, 2010 by NightWatcher
Filed under: Malware 
: Solved!

Fix it immediately:

Malware: C:\sand-box\malware.exe
Removed: C:\autorun.inf
—————————————————————————————————————————-
Classification:

Antivirus   Version        Last Update   Result
F-Secure    9.0.15370.0    2010.01.20    Worm.Generic.66462
Kaspersky   7.0.0.125      2010.01.20    Trojan.Win32.TDSS.affr
McAfee      5866           2010.01.19    FakeAlert-DA
Microsoft   1.5302         2010.01.20    Trojan:Win32/Alureon.BK
NOD32       4788           2010.01.20    Win32/AutoRun.ABH
Symantec    20091.2.0.41   2010.01.20    Backdoor.Tidserv

—————————————————————————————————————————-
Additional information
File size: 21504 bytes
MD5   : 548c2a5a18903898a8b141942f792f91
SHA1  : bf5ee152f2b8f8b2fd7c6520c303d2d85f5745e2
SHA256: e418b60091f47f572f0fe8b69554b8dc1734d8db43945b2d28ff0494947c4f3d
—————————————————————————————————————————-
Installation
When the program is executed, it creates the following registry subkeys and values:

———————————-
Keys added:2
———————————-
HKLM\SOFTWARE\Classes\videoshow
HKLM\SOFTWARE\Classes\videoshow\CLSID

———————————-
Values added:1
———————————-
HKLM\SOFTWARE\Classes\videoshow\CLSID\: “{6BF52A52-394A-11D3-B153-00C04F79FAA6}”

———————————-
Files added:4
———————————-
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp1.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\tmp2.tmp
C:\RECYCLER\S-0-7-96-100014340-100012250-100025617-1070.com
C:\autorun.inf

———————————-
Files deleted:1
———————————-
C:\sand-box\malware.exe

———————————-
Total changes:8
———————————-

—————————————————————————————————————————-
Detected by UnHackMe:

Item Name: C:\autorun.inf
Author: Unknown
Related File: C:\autorun.inf
Type: Autorun.inf

Removal Results: Success
Number of reboot: 1
—————————————————————————————————————————-
Recommended software:
UnHackMe anti-rootkit and anti-malware
http://www.unhackme.com
RegRun Security Suite (Good choice for removal and protection)
http://www.regrun.com


Written by

Malware Hunter.
