W32/AutoRun-AOG
W32/AutoRun-AOG is a worm for the Windows platform. W32/AutoRun-AOG spreads by copying itself to removable shared drives, which are designed to run the worm when the infected removable drive is connected to an uninfected computer. W32/AutoRun-AOG also attempts to spread via network shares by enumerating existing shared network drives on the computer and copying itself as True_Love.exe. W32/AutoRun-AOG also sends messages via Yahoo! Messenger to other members on the user's list.
File System Modifications
- The following files were created in the system:
# File Name 1 \autorun.ini 2 \MsRun32.exe 3 \MsRun32.exe
Registry Modifications
- The following newly produced Registry Values are:
HKEY..\..\..\..{Subkeys}HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\WorkgroupCrawler\Shares shared\True_Love.exeHKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ExplorerNofolderOptions 1HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\SystemDisableRegistryTools 1HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\SystemDisableTaskMgr 1HKCU\Software\Microsoft\Windows\CurrentVersion\Run MSN Messengger\MsRun32.exe HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Shell Explorer.exe MsRun32.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL CheckedValue 0
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.