Mar 25th

Wondering Why Your PC is Acting Weirdly?

Author: Indre | Filed under Fix slow PC

Is your computer behaving oddly? Are you unsure of what this might mean? The latest threat I've come to know of is identified as Win32/AutoRun.PD. Maybe this is the answer you are looking for. This worm affects Windows 95, Windows 98 and others. Read some of my articles related to this topic here.

You should keep in mind that this worm spreads through mapped network drives. Win32/AutoRun.PD also attempts to copy itself to the following locations:

  • %WINDIR%\userinit.exe
  • %SYSDIR%\system.exe
  • %drive%\Secret.exe

Then the following files are created:

  • %SYSDIR%\MSWINSCK.OCX (a non-malicious file)
  • %drive%\autorun.inf (a non-malicious text file with the following content: %code that runs malware%)
  • %WINDIR%\kdcoms.dll (this file contains collected keystrokes)
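The file locations listed above can be checked on a live system or on a mounted disk image. The following Python script is an added example, not part of the original article; the function names are hypothetical, and the caller supplies the directories that stand for %WINDIR%, %SYSDIR% and each drive root.

```python
import os

# Indicator file names from the article, lowercased for matching. MSWINSCK.OCX is
# left out because the article describes it as non-malicious.
WINDIR_FILES = {"userinit.exe": "worm copy", "kdcoms.dll": "keystroke log"}
SYSDIR_FILES = {"system.exe": "worm copy"}
DRIVE_FILES = {"secret.exe": "worm copy", "autorun.inf": "autorun launcher"}


def find_ci(directory, name):
    """Return the path of `name` in `directory`, matched case-insensitively."""
    try:
        for entry in os.listdir(directory):
            if entry.lower() == name:
                return os.path.join(directory, entry)
    except OSError:
        pass  # missing or unreadable directory: nothing to report
    return None


def autorun_targets(path):
    """List the commands an autorun.inf launches (open, shellexecute, shell verbs)."""
    targets = []
    with open(path, errors="replace") as fh:
        for line in fh:
            key, sep, value = line.partition("=")
            key = key.strip().lower()
            if sep and (key in ("open", "shellexecute") or key.endswith("\\command")):
                targets.append(value.strip())
    return targets


def check_indicators(windir, sysdir, drive_roots):
    """Return sorted (path, meaning) findings for the article's file indicators."""
    findings = []
    wanted = [(windir, WINDIR_FILES), (sysdir, SYSDIR_FILES)]
    wanted += [(root, DRIVE_FILES) for root in drive_roots]
    for directory, names in wanted:
        for name, meaning in names.items():
            path = find_ci(directory, name)
            if path is None:
                continue
            if name == "autorun.inf":
                # Legitimate media also carry autorun.inf: list targets for review.
                meaning += " -> " + ", ".join(autorun_targets(path))
            findings.append((path, meaning))
    return sorted(findings)
```

The genuine userinit.exe lives in the system directory, so only a copy directly under the Windows directory is reported.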

Win32/AutoRun.PD affects operating systems such as: Windows 95, Windows 98, Windows 98 SE, Windows NT, Windows ME, Windows 2000, Windows XP, Windows 2003.

Once the worm has gained access to your system it does the following:

  • downloads a file;
  • drops files;
  • records keystrokes;
  • makes registry modifications;
  • steals information;
  • offers third party control.

This worm can be identified with the following aliases:

a-squared Worm.Win32.AutoRun.cbm
AhnLab V3 -
AntiVir -
Arcavir -
AVAST! Win32:AutoRun-AHD [Wrm]
AVG Worm/Generic.HHJ
BitDefender Trojan.Downloader.VB.AXY
ClamAV Worm.Autorun-1173
CP Secure Troj.W32.Agent.aif
Dr.Web Win32.HLLW.Autoruner.1083
ewido Worm.AutoRun.cbm
F-Prot W32/SysKeylog.B.gen!Eldorado (generic, not disinfectable)
F-Secure Worm.Win32.AutoRun.cbm [AVP]
Fortinet W32/VB.CBM!worm
Ikarus Trojan-Downloader.VB.AXY
JiangMin Worm/AutoRun.tc
Kaspersky Worm.Win32.AutoRun.cbm
KingSoft Worm.AutoRun.233472
McAfee W32/Autorun.worm.bm
Microsoft -
mks_vir -
Norman W32/DLoader.FJTL
nProtect Worm/W32.AutoRun
Panda -
Quick Heal Worm.AutoRun.cbm
Rising -
Sophos Mal/VB-F
Sunbelt -
Symantec W32.Versie.A
The Hacker -
Trend Micro WORM_AUTORUN.BBC
VBA32 Worm.Win32.AutoRun.cbm
ViRobot -
VirusBuster -
