
Worm.VBS.Autorun.gb

Posted: August 17, 2011

Worm.VBS.Autorun.gb is a Visual Basic-based worm that uses traditional worm tactics to infect new computers via networks and removable drives. Although SpywareRemove.com malware researchers have noted that Worm.VBS.Autorun.gb can be configured to cause a range of different attacks, most Worm.VBS.Autorun.gb infections will attempt to have a negative impact on your computer's security by disabling security-related programs or making harmful changes to security settings. Worm.VBS.Autorun.gb will launch itself without any interaction on your part and tries to hide from sight, so you should use an anti-malware program to find and remove Worm.VBS.Autorun.gb from your PC.

Why You Want to Protect Your PC from Worm.VBS.Autorun.gb

Although Worm.VBS.Autorun.gb was first reported by various PC security companies as early as 2009, recent Worm.VBS.Autorun.gb infections in 2011 may indicate a new variant of Worm.VBS.Autorun.gb. Keep your anti-malware programs activated and updated to protect yourself from any Worm.VBS.Autorun.gb attack vectors, including suspicious email messages, fake codecs and concealed installation bundles.

SpywareRemove.com malware researchers have found that most Worm.VBS.Autorun.gb infections go hand-in-hand with attacks on computer security and important system components. Worm.VBS.Autorun.gb may modify system files, particularly the Windows Registry, without your permission and is also capable of deleting files or overwriting them with copies of itself. These attacks, while difficult to detect, can cause your PC to become vulnerable to remote access by criminals, which is a top cause of password theft, DDoS attacks and the installation of unwanted software such as rogue security programs (which include such varied examples as Microsoft Security Center 2011, SystemSoapPro, Windows Armament Master, Desktop Security 2010 and BitDefender 2011).

Steps to Take to Shield Your PC from Worm.VBS.Autorun.gb

Worm.VBS.Autorun.gb uses basic Autorun-based exploits to spread to other PCs; this exploit is common to many types of backdoor-oriented worms that SpywareRemove.com malware researchers have analyzed, such as Worm.Win32.VBKrypt.m, Win32.AutoRun.ftc, Net-Worm.Win32.Koobface.iap and Net-Worm.Win32.Padobot.m. If you suspect that Worm.VBS.Autorun.gb is infecting your PC or a nearby PC, pay close attention to security with regard to local network connections and removable storage devices. Both of these can be used as vectors for Worm.VBS.Autorun.gb infection without requiring you to launch a Worm.VBS.Autorun.gb file deliberately.

Worm.VBS.Autorun.gb can also be detected by noticing any problems with accessing security-related software, especially your firewall. Alternately, Worm.VBS.Autorun.gb may only change settings, such as creating a firewall exception for itself. If Worm.VBS.Autorun.gb is blocking a program that you require immediate access to, you may be able to avoid this problem by using Safe Mode or, at most, by booting Windows from a portable hard drive.

SpywareRemove.com malware researchers have found evidence that indicates that Worm.VBS.Autorun.gb is a polymorphic threat and, therefore, should only be deleted by advanced and fully-updated anti-malware applications. These applications may detect Worm.VBS.Autorun.gb by one of its aliases, which include Mal/Behav-043, Win-Trojan/Xema.variant and HackTool.Win32.Jakuz.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



%Windir%\ Addins\netsfigx.exe
File name: %Windir%\ Addins\netsfigx.exe
File type: Executable File
Mime Type: unknown/exe

%Windir%\netsfigx.exe
File name: %Windir%\netsfigx.exe
File type: Executable File
Mime Type: unknown/exe

Registry Modifications

The following Registry values were newly created:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Bsqxita = "%System%\Bsqxita.exe"
Bsqx = "%Windir%\ Addins\netsfigx.exe"
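
The Run-key values and file paths listed above can be checked against an export of a machine's startup entries. The following is an added example, not part of the original write-up: it reads text in the format printed by `reg query`, and it assumes a default C:\Windows install when expanding the page's %Windir% and %System% placeholders. The sample export is constructed.

```python
import ntpath
import re

# Indicators as listed in this page's Technical Details section.
RUN_VALUES = {"Bsqxita": r"%System%\Bsqxita.exe",
              "Bsqx": r"%Windir%\ Addins\netsfigx.exe"}
DROPPED_FILES = [r"%Windir%\ Addins\netsfigx.exe", r"%Windir%\netsfigx.exe"]

# Assumption: placeholder expansion for a default Windows install on C:.
PLACEHOLDERS = {"%windir%": r"c:\windows", "%systemroot%": r"c:\windows",
                "%system%": r"c:\windows\system32"}

def normalise(data):
    """Reduce a Run-key command line to a comparable lower-case image path."""
    m = re.match(r'\s*"([^"]+)"|\s*(.+?\.exe)\b', data, re.I)
    path = (m.group(1) or m.group(2)) if m else data
    path = path.strip().lower()
    for placeholder, real in PLACEHOLDERS.items():
        path = path.replace(placeholder, real)
    # The page prints "\ Addins"; drop whitespace around separators.
    path = re.sub(r"\s*\\\s*", r"\\", path)
    return ntpath.normpath(path)

BAD_NAMES = {name.lower() for name in RUN_VALUES}
BAD_PATHS = {normalise(p) for p in list(RUN_VALUES.values()) + DROPPED_FILES}

def parse_reg_query(text):
    """Yield (value name, data) pairs from `reg query <key>` text output."""
    for line in text.splitlines():
        m = re.match(r"^\s{4}(.+?)\s{4}REG_(?:EXPAND_)?SZ\s{4}(.*)$", line)
        if m:
            yield m.group(1), m.group(2)

def find_hits(text):
    """Return (value name, reasons) for entries matching the page's indicators."""
    hits = []
    for name, data in parse_reg_query(text):
        reasons = []
        if name.lower() in BAD_NAMES:
            reasons.append("value name")
        if normalise(data) in BAD_PATHS:
            reasons.append("image path")
        if reasons:
            hits.append((name, reasons))
    return hits

# Constructed sample: one benign entry, one listed value, one renamed value.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    Bsqx    REG_SZ    C:\WINDOWS\Addins\netsfigx.exe
    Updater    REG_SZ    "C:\Windows\netsfigx.exe" /s
"""
```

Matching on the image path as well as the value name catches an entry that points at a listed file under a different name, as the constructed `Updater` line does.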