Worm Autoit – 5f03e7301cd28db01ce7a6ed8d9a0b30

Worm No Comments

I recommend you UnHackMe - Ultimate Malware Killer for fast malware removal:

Free Download
Fully Functional 30-day Trial. No credit card is required.
Reviews. EULA. Privacy Policy. Uninstall.

Worm Autoit
Also known as: Trojan Agent, Trojan Delf
SHA256: aaf585ecfda7f008334b3d53718695de47394e7b41baa6596c8b2bfd9185ace3
SHA1: c7fb851530c9c8482751df8eefd4225941381934
MD5: 5f03e7301cd28db01ce7a6ed8d9a0b30
File size: 309563 bytes

Created files:

C:\autorun.inf – Worm Autoit
%Program Files Common%\System\cftmon.exe – Worm Autoit
C:\Thumbs.db – Worm Autoit
%SysDir%\fdisk.com – Worm Autoit
%Common Startmenu%\Programs\Startup\sndvol32.exe – Worm Autoit
%Temp%\scr\data.scr – Worm Autoit
%Temp%\scr\logon.exe – Worm Autoit
%Temp%\svchost.com – Worm Autoit
%Startup%\sndvol32.exe – Worm Autoit

Worm Autoit created autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\HotKey: %UserProfile%\Templates\cache\SFCsrvc.pif
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\User Agent: %WinDir%\System32\fdisk.com
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell: explorer.exe %WinDir%\System32\fdisk.com
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit: %WinDir%\System32\userinit.exe,%WinDir%\System32\fdisk.com
HKCU\Control Panel\Desktop\SCRNSAVE.EXE: %Temp%\scr\logon.exe
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\HotKey: %UserProfile%\Templates\cache\SFCsrvc.pif
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\User Agent: %Temp%\svchost.com
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\load: %Temp%\svchost.com

Leave a Reply

Privacy Policy      Terms and Conditions

Thank you for theme by IdeaBox       Credits: Thank you to www.icons8.com for Icons and Images