Home > General > W32/Autorun.worm.gen

W32/Autorun.worm.gen

McAfee® for Consumer United StatesArgentinaAustraliaBoliviaBrasilCanadaChile中国 (China)ColombiaHrvatskaČeská republikaDanmarkSuomiFranceDeutschlandΕλλάδαMagyarországIndiaישראלItalia日本 (Japan)한국 (Korea)LuxembourgMalaysiaMéxicoNederlandNew ZealandNorgePerúPhilippinesPolskaPortugalРоссияSrbijaSingaporeSlovenskoSouth AfricaEspañaSverigeSchweiz台灣 (Taiwan)TürkiyeالعربيةUnited KingdomVenezuela About McAfee Contact Us Search ProductsCross-Device McAfee Total Protection McAfee LiveSafe McAfee Internet Security McAfee AntiVirus Plus McAfee Back to Top View Virus Characteristics Virus Information Virus Removal Tools Threat Activity Top Tracked Viruses Virus Hoaxes Regional Virus Information Global Virus Map Virus Calendar Glossary Disable Autorun functionality This threat attempts to spread via removable drives on computers that support Autorun functionality. ActivitiesRisk LevelsAttempts to send email messagesAttempts to launch an instance of the Windows file system explorer.Enumerates many system files and directories.Adds or modifies Internet Explorer cookiesNo digital signature is present McAfee http://renoscanner.com/general/worm-win32-autorun-fwl.html

Aliases Kaspersky - Worm.Win32.FlyStudio.bf Microsoft - TrojanDropper:Win32/Silly_P2P.B NOD32 - Win32/AutoRun.FlyStudio.AH Sophos - Mal/EncPk-NB

Minimum Engine 5600.1067 File Length varies Description Added 2008-12-08 Description Modified 2012-03-21 Malware Proliferation Upon execution, the Have your PC fixed remotely - while you watch! $89.95 Free Security Newsletter Sign Up for Security News and Special Offers: Indications of Infection: Risk Assessment: Back to Top View Virus Characteristics Virus Characteristics This is a Virus File PropertiesProperty ValuesMcAfee DetectionW32/Autorun.worm.genLength49152 bytesMD56764b9608e07a2b847db62e1a8ff938fSHA1ac748a69735fe24cdb53a0407917d40d1cfd82a8 Other Common Detection AliasesCompany NamesDetection NamesavastWin32:Malware-genAVG (GriSoft)Agent4.BDCH (Trojan horse)KasperskyTrojan.Win32.Agent.abnbdBitDefenderGen:[email protected]@oE5eiBSymantecDownloaderEsetNewHeur_PE (probably unknown virus)pandaGeneric This is a particularly common method of spreading for many current malware families. https://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=8315907

Please go to the Microsoft Recovery Console and restore a clean MBR. e.g. %WINDIR% = \WINDOWS (Windows 9x/ME/XP/Vista/7), \WINNT (Windows NT/2000) %PROGRAMFILES% = \Program Files The following files were analyzed: ea221616c32cedd30e3be08b622c6033f8cb8208 The following files have been added to the system: %APPDATA%\taskhost.exeC:\viewDrive.exe%TEMP%\viewdrive The following Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer.

All Users: Please use the following instructions for

Methods of Infection Viruses are self-replicating. Top Follow:I want to...Get helpRemove difficult malwareAvoid tech support phone scamsSee and search the latest threatsFind answers to other problemsFix my softwareFix updates and solve other problemsSee common error codesDownload and They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive. Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Windows Defender detects and removes this threat. What to do now To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. Update your McAfee Anti-Virus product to the latest version (when possible), and ensure the latest DAT and Engine and any applicable EXTRA.DATs are installed. 3. their explanation Such files contain execution instructions for the operating system, so that when the removable drive is accessed from another computer supporting the Autorun feature, the malware is launched automatically.

They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive. Although many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Minimum Engine 5600.1067 File Length 215552 Description They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive. They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive.

Indication of Infection This symptoms of this detection are the files, registry, and network communication referenced in the characteristics section. For instructions, please refer to: https://www.mcafee.com/us/downloads/free-tools/disabling-system-restore.aspx 2. They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive. Back to Top View Virus Characteristics Virus Characteristics This is a Virus File PropertiesProperty ValuesMcAfee DetectionW32/Autorun.worm.genLength36864 bytesMD5fae021c6280e8ec9f47990788c7961dfSHA182f24da4030f2a104946f40ba4c3bd85e067b8ba Other Common Detection AliasesCompany NamesDetection NamesKasperskyTrojan.Win32.Agent.acaycEsetNewHeur_PESophosMal/Emogen-HOther brands and names may be claimed

You may also refer to the Knowledge Base on the F-Secure Community site for more information. The 'autorun.inf' file contains execution instructions for the operating system which are invoked when the drive is viewed using Windows Explorer, thus executing the copy of the worm.   It should Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer.

All Users: Please use the following instructions for ActivitiesRisk LevelsAttempts to create Autorun.inf configuration files on accessible drives that instructs Windows operating systems to run a file when the disk is connected.Enumerates many system files and directories.Process attempts to

McAfee® for Consumer United StatesArgentinaAustraliaBoliviaBrasilCanadaChile中国 (China)ColombiaHrvatskaČeská republikaDanmarkSuomiFranceDeutschlandΕλλάδαMagyarországIndiaישראלItalia日本 (Japan)한국 (Korea)LuxembourgMalaysiaMéxicoNederlandNew ZealandNorgePerúPhilippinesPolskaPortugalРоссияSrbijaSingaporeSlovenskoSouth AfricaEspañaSverigeSchweiz台灣 (Taiwan)TürkiyeالعربيةUnited KingdomVenezuela About McAfee Contact Us Search ProductsCross-Device McAfee Total Protection McAfee LiveSafe McAfee Internet Security McAfee AntiVirus Plus McAfee Get more help You can also visit our advanced troubleshooting page or search the Microsoft virus and malware community for more help. Back to Top View Virus Characteristics Virus Characteristics File PropertyProperty Value FileName!itw#419.exe McAfee DetectionW32/Autorun.worm.gen Length42,496 bytes CRC5F18E108 MD5A5B7D933A84FDF5AB912472F43D4E0D5 SHA17DAECC90888CAB971BCFE78EAC1D6D698F278AF4 Other Common Detection Aliases Company NameDetection Name AVG (GriSoft)worm/generic.imw EsetWin32/AutoRun.RM Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Indication of Infection This symptoms of this detection are the files, registry, and network communication referenced in the characteristics section. Methods of Infection Viruses are self-replicating. Have your PC fixed remotely - while you watch! $89.95 Free Security Newsletter Sign Up for Security News and Special Offers: Indications of Infection: Risk Assessment:

When an infected media device (such as a CD, DVD or USB drive) is inserted into the computer, the autorun.inf and consequently the actual malicious program is automatically executed.

When executed, Worm:Win32/Autorun.gen!AED copies the package as the following: \winmain.exe Note: refers to a variable location that is determined by the malware by querying the operating system. Methods of Infection Viruses are self-replicating. Variants of Worm:Win32/Autorun usually spread using methods that include, but may not be limited to, copying themselves to removable or network drives, and placing an autorun.inf file in the root directory Share the knowledge on our free discussion forum.

FileNameMcAfee Supported %WINDIR%\system32\msnupdates.exeW32/Autorun.worm.gen This sample can be identified by the following symptoms. Have your PC fixed remotely - while you watch! $89.95 Free Security Newsletter Sign Up for Security News and Special Offers: Indications of Infection: Risk Assessment: Note The following Generic Detections: Worm:inf/Autorun.gen!A Worm:Inf/Hamweg.gen!A identify the autorun.inf files created by Autorun worms (and other families that use the same technique to propagate). Run a full system scan. (On-Demand Scan) 4.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher). ActivitiesRisk LevelsDisables the Windows Task Manager.Adds or modifies system policies. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then further propagate the virus. Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

On windows XP: Insert the Windows XP CD into the CD-ROM drive and restart the computer.When the "Welcome to Setup" screen appears, press R to start the Recovery Console.Select the Windows e.g. %WINDIR% = \WINDOWS (Windows 9x/ME/XP/Vista/7), \WINNT (Windows NT/2000) %PROGRAMFILES% = \Program Files The following files were analyzed: 82F24DA4030F2A[private subnet]BA4C3BD85E067B8BA The following registry elements have been created: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET ACCOUNT MANAGER\HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET ACCOUNT Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer. Get Expert Help McAfeeVirus Removal Service Connect to one of our Security Experts by phone.

SUBMIT A SAMPLE Suspect a file or URL was wrongly detected? Run a full system scan. (On-Demand Scan) 4. Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer. Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer.

The package containing all three components is usually created by a tool detected as Virtool:Win32/Obfuscator.C. They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive. The following Microsoft products detect and remove this threat: Microsoft Security Essentials Microsoft Safety Scanner For more information on antivirus software, see http://www.microsoft.com/windows/antivirus-partners/. Contact Support F-Secure customers can request support online via the Request support or the Chat forms on our Home - Global site.

For Home For Business For Partners Labs Home News News From the Labs Incidents Calendar Tools & Beta Tools & Beta Flashback Removal Database Updates Rescue CD Router Checker iOS Check