W32/Autorun.worm.bx.gen.dll

Type: Trojan
SubType: Application extension Generi
Discovery Date: 04/03/2008
Length: Varies
Minimum DAT: 5266 (04/03/2008)
Updated DAT: 5760 (10/03/2009)
Minimum Engine: N/A
Description Added: 04/03/2008
Description Modified: 04/09/2008 8:13 PM (PT)
Risk Assessment:
  Corporate User: Low
  Home User: Low

Characteristics

W32/Autorun.worm.bx.gen.dll is dropped by W32/Autorun.worm.bx and injected into Explorer.exe. It is the component of the virus that steals online game passwords. It can also spread via autorun.

The virus is written to the following file:

  • %SYSTEM%\amvo0.dll

(where %SYSTEM% is the Windows system folder, e.g. C:\Windows\system32)

It modifies the following registry keys:

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue: 0x00000000
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden: 0x00000000
  • HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\amva: "C:\WINDOWS\system32\amvo.exe"

It steals passwords from the following games:

  • Maplestory
  • Lineage
  • Forthgoer

For general characteristics of W32/Autorun.worm.bx, please refer to:

Symptoms

  • Presence of previously mentioned registry keys.
  • Presence of previously mentioned file.
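
The symptoms above can be checked on a live host with a short PowerShell script. This is an added example, not part of the original description; the helper name `Get-RegValue` and the extra SysWOW64 lookup are assumptions made here, and the script reads only the current user's HKCU hive.

```powershell
# Added example: look for the indicators listed on this page on a live host.
# Checks the current user's HKCU hive only; run it once per user profile.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$findings = @()

# Dropped component from the page: %SYSTEM%\amvo0.dll.
# SysWOW64 is an added assumption: on 64-bit Windows, writes to system32
# made by a 32-bit process are redirected there.
foreach ($dir in 'System32', 'SysWOW64') {
    $dll = Join-Path $env:SystemRoot "$dir\amvo0.dll"
    # -Force so a hidden or system attribute does not hide the file from the check.
    if (Get-Item -LiteralPath $dll -Force -ErrorAction SilentlyContinue) {
        $findings += "File present: $dll"
    }
}

# Persistence value from the page: ...\CurrentVersion\Run\amva
$run = Get-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' 'amva'
if ($null -ne $run) { $findings += "Run value 'amva' present: $run" }

# CheckedValue defaults to 1; with 0, choosing "Show hidden files" in
# Folder Options does not take effect.
$showAll = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL' 'CheckedValue'
if ($null -ne $showAll -and $showAll -eq 0) {
    $findings += 'SHOWALL\CheckedValue is 0 (Windows default is 1)'
}

# ShowSuperHidden = 0 is also the Windows default, so it is reported as
# context next to other findings, never as a finding on its own.
$superHidden = Get-RegValue 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' 'ShowSuperHidden'

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Output "[!] $_" }
    Write-Output "[i] ShowSuperHidden = $superHidden"
} else {
    Write-Output 'No indicators from this page found for the current user.'
}
```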

 

Method of Infection

It is dropped by W32/Autorun.worm.bx.

Removal

AVERT recommends always using the latest DATs and engine. This threat will be cleaned if you have this combination.

Additional Windows ME/XP removal considerations

Variants

    N/A
