Win32/Ainslot.A

Posted: April 5, 2011

Threat Metric

Threat Level: 5/10
Infected PCs: 2,319
First Seen: February 16, 2011
Last Seen: April 6, 2021
OS(es) Affected: Windows

Worm:Win32/Ainslot.A is a worm with potential Trojan functions. As such, Worm:Win32/Ainslot.A can copy itself to other computers through removable drives and may exploit network-shared resources for similar purposes. Worm:Win32/Ainslot.A will also ignore the PC firewall to contact remote attackers, and may download and execute malicious files, transmit sensitive information to anonymous individuals or disable security functions and programs. Removing Worm:Win32/Ainslot.A is an extremely high-priority task, since its threat rating is generally considered severe and the potential harm it can do is significant.

Doing Your Part to Halt the Worm:Win32/Ainslot.A Threat

Like most worms, Worm:Win32/Ainslot.A will spread itself to new computers through removable drives. It does this by creating hidden copies of itself along with Autorun files that cause the worm to execute whenever the drive is accessed by a new PC. As long as you're careful about network security and removable drives, your PC will be fairly safe from Worm:Win32/Ainslot.A infection.
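To check a removable drive for the Autorun-plus-hidden-copy pattern described above, the following added example (not code from the original page) parses an autorun.inf and lists every executable it would launch, marking the ones that are also hidden. The sample file content, the `tools\setup.exe` name and the caller-supplied list of hidden files are constructed assumptions.

```python
import ntpath

# [autorun] keys that make Windows start a program from the drive.
LAUNCH_KEYS = ("open", "shellexecute")
EXEC_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".lnk"}

def autorun_launch_targets(text):
    """Return (key, value) pairs in [autorun] that launch something."""
    section, hits = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line:
            continue  # padding or junk lines are ignored
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            hits.append((key, value))
    return hits

def target_file(value):
    if value.startswith('"'):  # quoted path, possibly followed by arguments
        return value[1:].split('"', 1)[0]
    return value.split(None, 1)[0] if value else ""

def norm(path):
    return ntpath.normpath(path).lstrip("\\").lower()

def flag_drive(autorun_text, hidden_files):
    """Return (key, file, is_hidden) for every executable the drive auto-launches."""
    hidden = {norm(f) for f in hidden_files}
    findings = []
    for key, value in autorun_launch_targets(autorun_text):
        path = norm(target_file(value))
        if ntpath.splitext(path)[1] in EXEC_EXTS:
            findings.append((key, path, path in hidden))
    return findings

SAMPLE = r"""; constructed autorun.inf, not taken from a real sample
xq8 junk padding line
[AutoRun]
open=tools\setup.exe
icon=%SystemRoot%\system32\shell32.dll,4
shell\open\command="tools\setup.exe" -s
"""
```

A finding with `is_hidden` set to `True` is the combination the description above warns about: a launch entry pointing at a file the user cannot see in a normal folder view.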

In addition to making copies in base drive locations, Worm:Win32/Ainslot.A copies itself to a subdirectory of the Documents and Settings folder as a fake 'winlogon.exe' file. Since this file name is a naturally visible part of the Windows environment, Worm:Win32/Ainslot.A can be difficult to detect as a running process.

Worm:Win32/Ainslot.A creates Registry additions that slip this worm's execution into the normal Windows startup routine. Because of this, you should assume that Worm:Win32/Ainslot.A is active unless you've verified otherwise. When removing Worm:Win32/Ainslot.A, you'll also need to remove the Registry changes, which makes manual deletion a less practical choice unless you know exactly what to look for in the Registry.
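The fake 'winlogon.exe' and the startup entries described above can be spotted by comparing a file's name with where it actually runs from. This added example (not code from the original page) flags running processes and Run-key style startup commands that use a core Windows binary name outside System32; it generalizes from winlogon.exe to a few other system names. The default `C:\Windows\System32` location and every sample path are assumptions, constructed for illustration.

```python
import ntpath

# Core Windows binaries that legitimately run only from System32.
# winlogon.exe is the name the description above mentions; the others are
# added here as the general case.
SYSTEM_NAMES = {"winlogon.exe", "svchost.exe", "lsass.exe",
                "services.exe", "csrss.exe", "smss.exe"}
SYSTEM_DIR = r"c:\windows\system32"  # assumption: default install location

def image_path(command):
    """Extract the executable path from a command line or Run-key value."""
    command = command.strip()
    if not command:
        return ""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    # Unquoted: cut after the first ".exe" so paths with spaces survive.
    idx = command.lower().find(".exe")
    return command[: idx + 4] if idx != -1 else command.split(None, 1)[0]

def masquerading(entries):
    """entries: iterable of (source, command). Return flagged (source, path)."""
    flagged = []
    for source, command in entries:
        path = ntpath.normpath(image_path(command)).lower()
        name = ntpath.basename(path)
        if name in SYSTEM_NAMES and ntpath.dirname(path) != SYSTEM_DIR:
            flagged.append((source, path))
    return flagged

# Constructed sample: two process image paths and two startup commands.
SAMPLE = [
    ("process", r"C:\Windows\System32\winlogon.exe"),
    ("process", r"C:\Documents and Settings\user\Application Data\winlogon.exe"),
    ("run-key", r'"C:\Documents and Settings\user\Application Data\winlogon.exe" -s'),
    ("run-key", r"C:\Program Files\Vendor\updater.exe /background"),
]
```

On the sample, `masquerading(SAMPLE)` returns the process and the startup entry under Documents and Settings and leaves the genuine System32 winlogon.exe and the vendor updater alone.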

The Risks of Worm:Win32/Ainslot.A Infection

Any infection by Worm:Win32/Ainslot.A carries with it certain inherent risks, such as the following:

  • Through other Registry changes, Worm:Win32/Ainslot.A will create an exception for itself in your firewall. This allows Worm:Win32/Ainslot.A to contact outside parties without your consent, using up resources and creating a path for both inbound and outbound data.
  • Worm:Win32/Ainslot.A may transfer personal information like passwords and online bank account data to anonymous parties. This can result in your accounts being compromised, fraudulent charges being made or your identity being stolen.
  • In addition to Worm:Win32/Ainslot.A's worm functions, Worm:Win32/Ainslot.A may execute Trojan functions that allow Worm:Win32/Ainslot.A to download and install malicious files. This can create an increasingly threatening situation for your computer as Worm:Win32/Ainslot.A adds other malware onto your system over time.
  • Worm:Win32/Ainslot.A may report the infection of your PC to the criminal behind the worm immediately after gaining access to the system. This allows the criminal to attack your PC easily without having to go looking for a potential victim.

Despite the seriousness of Worm:Win32/Ainslot.A's threat, it's been verified that you can delete Worm:Win32/Ainslot.A by using standard techniques for malware removal. A reboot into Safe Mode should prevent Worm:Win32/Ainslot.A from launching itself, and thereafter you can easily scan your computer and remove Worm:Win32/Ainslot.A automatically.

Aliases

  • Generic7_c.BZGE [AVG]
  • W32/Injector_Autoit.HG [Fortinet]
  • Artemis!4EC09FE2F8EF [McAfee]
  • W32/Dapato.ARTH!tr [Fortinet]
  • Worm/Ainslot.A.1040 [AntiVir]
  • Trojan-Dropper.Win32.Dapato.arth [Kaspersky]
  • Trojan.Kuluoz-208 [ClamAV]
  • TrojanDropper.Dapato.arth [CAT-QuickHeal]
  • Dropper.Generic4.BUSH [AVG]
  • W32/Agent.FRMFYWJ [Fortinet]
  • Trojan.Packed.22079 [DrWeb]
  • Trojan.Generic.6802152 [BitDefender]
  • probably a variant of Win32/Agent.GLCEYVM [NOD32]
  • Artemis!01DE3FDBBE50 [McAfee]
  • Trojan-FakeAV.Win32.Windef.qct [Kaspersky]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:


