Content

W32/Autorun.worm.f

Type
Virus
SubType
Worm
Discovery Date
06/25/2007
Length
varies
Minimum DAT
5060 (06/25/2007)
Updated DAT
5652 (06/20/2009)
Minimum Engine
5.1.00
Description Added
06/25/2007
Description Modified
03/23/2008 12:09 AM (PT)
Risk Assessment
Corporate User
Low
Home User
Low

Tab Navigation

Characteristics

This detection is for a worm.
It attempts to spread to removable drives by creating an autorun.inf file, which will run the worm automatically, if a systems which use the removable drive are set to Autorun.

The following registry keys are created:

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SilentSoftech"="C:\\WINDOWS\\system32\\SILENTSOFTECH.EXE"

The following files are written to root of writeable volumes:

  • autorun.inf
  • SILENTSOFTECH.EXE

The following file ia also written to the infected system:

  • %WINDIR%\SYSTEM32\SILENTSOFTECH.EXE
    (where %WinDir% is the default Windows directory, for example C:\WINNT, C:\WINDOWS etc.)

Symptoms

Existence of mentioned files and registry keys

Method of Infection

This worm may be spread by its intented method of infected removable drives.

Alternatively this may be installed by visiting a malicious web page (either by clicking on a link, or by the website hosting a scripted exploit which installs the worm onto the user's system with no user interaction.

Removal

AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

Additional Windows ME/XP removal considerations

Variants

Variants

    N/A

All Information

Overview -

This detection is for a worm that attempts to copy itself to the root of any accessible disk volumes. Additionally it attempts to place an Autorun.inf file on the root of the volume so that it is executed the next time the volume is mounted.

Characteristics

Characteristics -

This detection is for a worm.
It attempts to spread to removable drives by creating an autorun.inf file, which will run the worm automatically, if a systems which use the removable drive are set to Autorun.

The following registry keys are created:

  • [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SilentSoftech"="C:\\WINDOWS\\system32\\SILENTSOFTECH.EXE"

The following files are written to root of writeable volumes:

  • autorun.inf
  • SILENTSOFTECH.EXE

The following file ia also written to the infected system:

  • %WINDIR%\SYSTEM32\SILENTSOFTECH.EXE
    (where %WinDir% is the default Windows directory, for example C:\WINNT, C:\WINDOWS etc.)

Symptoms

Symptoms -

Existence of mentioned files and registry keys

Method of Infection

Method of Infection -

This worm may be spread by its intented method of infected removable drives.

Alternatively this may be installed by visiting a malicious web page (either by clicking on a link, or by the website hosting a scripted exploit which installs the worm onto the user's system with no user interaction.

Removal -

Removal -

AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.

Additional Windows ME/XP removal considerations

Variants

Variants -

    N/A