Content

W32/Autorun.worm.f

Type
Virus
SubType
Worm
Discovery Date
06/25/2007
Length
varies
Minimum DAT
5060 (06/25/2007)
Updated DAT
6381 (06/18/2011)
Minimum Engine
5.1.00
Description Added
06/25/2007
Description Modified
03/23/2008 12:09 AM (PT)
Risk Assessment
Corporate User
Low
Home User
Low

Tab Navigation

Characteristics

This detection is for a worm.
It attempts to spread to removable drives by creating an autorun.inf file, which will run the worm automatically, if a systems which use the removable drive are set to Autorun.

The following registry keys are created:

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SilentSoftech"="C:\\WINDOWS\\system32\\SILENTSOFTECH.EXE"

The following files are written to root of writeable volumes:

  • autorun.inf
  • SILENTSOFTECH.EXE

The following file ia also written to the infected system:

  • %WINDIR%\SYSTEM32\SILENTSOFTECH.EXE
    (where %WinDir% is the default Windows directory, for example C:\WINNT, C:\WINDOWS etc.)

Symptoms

Existence of mentioned files and registry keys

Method of Infection

This worm may be spread by its intented method of infected removable drives.

Alternatively this may be installed by visiting a malicious web page (either by clicking on a link, or by the website hosting a scripted exploit which installs the worm onto the user's system with no user interaction.

Removal

All Users:

Please use the following instructions for all supported versions of Windows to remove threats and other potential risks:

1.Disable System Restore (Windows ME/XP only).

2.Update to current engine and DAT files for detection and removal.

3.Run a complete system scan.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

General repair may be unsuccessful in some instances. If this occurs, please submit a sample for further evaluation.

Variants

Variants

    N/A

All Information

Overview -

This detection is for a worm that attempts to copy itself to the root of any accessible disk volumes. Additionally it attempts to place an Autorun.inf file on the root of the volume so that it is executed the next time the volume is mounted.

Characteristics

Characteristics -

This detection is for a worm.
It attempts to spread to removable drives by creating an autorun.inf file, which will run the worm automatically, if a systems which use the removable drive are set to Autorun.

The following registry keys are created:

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SilentSoftech"="C:\\WINDOWS\\system32\\SILENTSOFTECH.EXE"

The following files are written to root of writeable volumes:

  • autorun.inf
  • SILENTSOFTECH.EXE

The following file ia also written to the infected system:

  • %WINDIR%\SYSTEM32\SILENTSOFTECH.EXE
    (where %WinDir% is the default Windows directory, for example C:\WINNT, C:\WINDOWS etc.)

Symptoms

Symptoms -

Existence of mentioned files and registry keys

Method of Infection

Method of Infection -

This worm may be spread by its intented method of infected removable drives.

Alternatively this may be installed by visiting a malicious web page (either by clicking on a link, or by the website hosting a scripted exploit which installs the worm onto the user's system with no user interaction.

Removal -

Removal -

All Users:

Please use the following instructions for all supported versions of Windows to remove threats and other potential risks:

1.Disable System Restore (Windows ME/XP only).

2.Update to current engine and DAT files for detection and removal.

3.Run a complete system scan.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

General repair may be unsuccessful in some instances. If this occurs, please submit a sample for further evaluation.

Variants

Variants -

    N/A