Content
W32/Autorun.worm!n!2cfe132e0401
- Type
- Virus
- SubType
- -
- Discovery Date
- 08/21/2009
- Length
- 82944
- Minimum DAT
- 5716 (08/21/2009)
- Updated DAT
- 5716 (08/21/2009)
- Minimum Engine
- 5300.2777
- Description Added
- 08/21/2009
- Description Modified
- 08/21/2009 8:32 AM (PT)
Tab Navigation
Characteristics
| File Property | Property Value |
|---|---|
| FileName | 4917.exe |
| McAfee Artemis | Artemis!2cfe132e0401 |
| McAfee Detection | W32/Autorun.worm!n |
| Length | 82,944 bytes |
| CRC | FCC22F7E |
| MD5 | 2CFE132E0401589E00B6AAC2F99E58C4 |
| SHA1 | 7A9318FAD0DBBFC1B04824BDA7D0C747817957EB |
Other Common Detection Aliases
| Company Name | Detection Name |
|---|---|
| avast | Win32:VB-KQC [Trj] |
| AVG (GriSoft) | Worm/Generic.ZSG |
| Avira | TR/Crypt.PEPM.Gen |
| BitDefender | Win32.Worm.VB.NXY |
| eSafe (Alladin) | Suspicious file |
| Eset | Win32/AutoRun.VB.CN worm (variant) |
| Kaspersky | Worm.Win32.VB.aos |
| microsoft | Worm:Win32/VB.HA |
| panda | W32/VB.AEN |
| rising | Worm.Win32.Autorun.fap |
| Sophos | Sus/Veneb-B (suspicious) |
| Symantec | Trojan Horse |
| Trend Micro | WORM_OTORUN.AT |
Avert® Labs has observed the following system activities:
| Activity | Risk Level |
|---|---|
| Enumerates running processes | Medium |
| Uses shared memory of other processes | Low |
| Writes executable in the windows folder | Low |
Other detections that have been observed.
| FileName | McAfee Supported |
|---|---|
| %WINDIR%\userinit.exe | W32/Autorun.worm!n |
This sample can be identified by the following symptoms.
System Changes
These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files
The following files were analyzed:
The following files have been added to the system:
The following registry elements have been changed:
- hidden = 2
- hidefileext = 1
- showsuperhidden = 0
- userinit = c:\windows\userinit.exe
The applications created the following network connection(s):
- hxxp://****************
Symptoms
This symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.
Method of Infection
Viruses are self-replicating. They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive. Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer.
Removal
AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.
Variants
Variants
N/A
All Information
Overview -
This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then further propagate the virus. Although many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.
Characteristics
Characteristics -
| File Property | Property Value |
|---|---|
| FileName | 4917.exe |
| McAfee Artemis | Artemis!2cfe132e0401 |
| McAfee Detection | W32/Autorun.worm!n |
| Length | 82,944 bytes |
| CRC | FCC22F7E |
| MD5 | 2CFE132E0401589E00B6AAC2F99E58C4 |
| SHA1 | 7A9318FAD0DBBFC1B04824BDA7D0C747817957EB |
Other Common Detection Aliases
| Company Name | Detection Name |
|---|---|
| avast | Win32:VB-KQC [Trj] |
| AVG (GriSoft) | Worm/Generic.ZSG |
| Avira | TR/Crypt.PEPM.Gen |
| BitDefender | Win32.Worm.VB.NXY |
| eSafe (Alladin) | Suspicious file |
| Eset | Win32/AutoRun.VB.CN worm (variant) |
| Kaspersky | Worm.Win32.VB.aos |
| microsoft | Worm:Win32/VB.HA |
| panda | W32/VB.AEN |
| rising | Worm.Win32.Autorun.fap |
| Sophos | Sus/Veneb-B (suspicious) |
| Symantec | Trojan Horse |
| Trend Micro | WORM_OTORUN.AT |
Avert® Labs has observed the following system activities:
| Activity | Risk Level |
|---|---|
| Enumerates running processes | Medium |
| Uses shared memory of other processes | Low |
| Writes executable in the windows folder | Low |
Other detections that have been observed.
| FileName | McAfee Supported |
|---|---|
| %WINDIR%\userinit.exe | W32/Autorun.worm!n |
This sample can be identified by the following symptoms.
System Changes
These are general defaults for typical path variables. (Although they may differ, these examples are common.):
%WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000)
%SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), \WINDOWS\SYSTEM32 (Windows XP/Vista), \WINNT\SYSTEM32 (Windows NT/2000)
%ProgramFiles% = \Program Files
The following files were analyzed:
The following files have been added to the system:
The following registry elements have been changed:
- hidden = 2
- hidefileext = 1
- showsuperhidden = 0
- userinit = c:\windows\userinit.exe
The applications created the following network connection(s):
- hxxp://****************
Symptoms
Symptoms -
This symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.
Method of Infection
Method of Infection -
Viruses are self-replicating. They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive. Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer.
Removal -
Removal -
AVERT recommends to always use latest DATs and engine. This threat will be cleaned if you have this combination.
Additional Windows ME/XP removal considerations
Variants
Variants -
N/A
