
Worm.Ainslot.A

Posted: June 14, 2011

Threat Metric

Threat Level: 5/10
Infected PCs: 2,319
First Seen: February 16, 2011
Last Seen: April 6, 2021
OS(es) Affected: Windows

Worm.Ainslot.A is a worm that creates firewall exceptions for itself so that it can make remote contact with anonymous criminals. Such unauthorized activity typically indicates that remote attackers are seeking to control your PC through Worm.Ainslot.A and similar threats. As a worm, Worm.Ainslot.A can also copy itself and spread through networks and shared storage devices. For the safety of your computer, it's strongly encouraged that you delete Worm.Ainslot.A immediately with an appropriate anti-virus program.

How Worm.Ainslot.A Grabs a Free Ride Straight to Your PC

Worm.Ainslot.A uses propagation methods similar to those of other worm threats:

  • Worm.Ainslot.A can copy its body to any or all drives on a computer, including drives based on removable devices like CDs. Network-shared locations are also at risk. These copies may be marked with the System or Hidden attributes so that they remain invisible under default file-viewing settings.
  • Worm.Ainslot.A may also create Autorun.inf text files that cause the Worm.Ainslot.A duplicates to install themselves automatically whenever a new computer accesses the infected drive. Autorun.inf files aren't inherently malicious: they are used by legitimate programs as well as exploited by infections like Worm.Ainslot.A.

By using these two techniques in combination, Worm.Ainslot.A can quickly spread to many computers that share folders or other resources. Worm.Ainslot.A also alters the Registry so that it starts whenever Windows starts, even though you may see no visual indications of its activities.
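
The two propagation techniques above leave a recognizable pattern on a drive: an Autorun.inf whose launch entry points at an executable marked Hidden or System. The Python check below for that pattern is an added example, not part of the original write-up; the sample Autorun.inf text, file names and attribute map are constructed, and on Windows the attribute bits would come from os.stat(path).st_file_attributes.

```python
import ntpath

HIDDEN, SYSTEM = 0x2, 0x4  # FILE_ATTRIBUTE_HIDDEN / FILE_ATTRIBUTE_SYSTEM bits
EXEC_EXT = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs"}

def command_target(value):
    """Program part of an Autorun.inf command, without quotes or arguments."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:].split('"', 1)[0]
    return value.split(None, 1)[0] if value else ""

def launch_entries(text):
    """(key, target) pairs from the [autorun] section that start a program."""
    section, found = None, []
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower()
            if key in ("open", "shellexecute") or (
                    key.startswith("shell\\") and key.endswith("\\command")):
                found.append((key, command_target(value)))
    return found

def suspicious_entries(text, attrs):
    """Launch entries whose target is an executable carrying Hidden or System.
    attrs maps a lower-cased path relative to the drive root to attribute bits."""
    hits = []
    for key, target in launch_entries(text):
        rel = ntpath.normpath(ntpath.splitdrive(target)[1]).lstrip("\\").lower()
        bits = attrs.get(rel, 0)
        if ntpath.splitext(rel)[1] in EXEC_EXT and bits & (HIDDEN | SYSTEM):
            hits.append((key, rel, bits))
    return hits

# Constructed sample data (not taken from a real infection).
SAMPLE_INF = """; constructed sample
[AutoRun]
open=tools\\update.exe /s
shell\\open\\command="tools\\update.exe"
icon=setup.ico
"""
SAMPLE_ATTRS = {"tools\\update.exe": HIDDEN | SYSTEM, "setup.ico": 0}
BENIGN_INF = "[autorun]\nopen=setup.exe\nicon=setup.ico\n"
BENIGN_ATTRS = {"setup.exe": 0x20}  # Archive bit only, as on a normal installer

if __name__ == "__main__":
    print(suspicious_entries(SAMPLE_INF, SAMPLE_ATTRS))
```

The benign sample shows why the check combines both signals: an Autorun.inf that launches a visible installer is not flagged.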

Worm.Ainslot.A's Narrowly-Targeted but Deadly Payload

Worm.Ainslot.A is somewhat limited in terms of its basic attacks, having been noted primarily for contacting remote hosts without permission. Worm.Ainslot.A modifies your firewall to allow this, while the firewall remains active.

Remote contact by threats like Worm.Ainslot.A is known to be an instigator for remote-controlled attacks like illegal DDoS activities, and can also be used to exert general control over a computer, or install other malicious software such as keyloggers and rogue security software.

Remote contact may also be used to report the time of the initial Worm.Ainslot.A infection, which lets an anonymous criminal make use of Worm.Ainslot.A's presence as soon as possible. Because of this urgent danger, you should delete Worm.Ainslot.A as soon as you find it on your PC. The recommended solution is to use Safe Mode and up-to-date security software to remove Worm.Ainslot.A, since undoing its Registry changes and other attacks manually can be difficult.

Worm.Ainslot.A was first spotted in 2010, but has seen updates in 2011. Keep your security software equally updated to have the best chance of fighting off a Worm.Ainslot.A attack.

File System Modifications

  • The following files were created in the system:
    # File Name
    1 0602.exe
    2 22659.exe
    3 529explorer.exe
    4 5555.exe
    5 ADBE_CS5_MasterKeygen.exe
    6 efhabky.exe
    7 explorer.exe
    8 Helpfulinstaller.exe
    9 ieTneVisbb.exe
    10 pe.exe
    11 rundll .exe
    12 RunescapeHacks (1).exe
    13 sethost.exe
    14 SNCWNEScLK.exe
    15 Svg64.exe
    16 syskex.exe
    17 Titties.exe
    18 WinDefender.exe
    19 WinDefenders22.exe

Aliases

  • Generic7_c.BZGE [AVG]
  • W32/Injector_Autoit.HG [Fortinet]
  • Artemis!4EC09FE2F8EF [McAfee]
  • W32/Dapato.ARTH!tr [Fortinet]
  • Worm/Ainslot.A.1040 [AntiVir]
  • Trojan-Dropper.Win32.Dapato.arth [Kaspersky]
  • Trojan.Kuluoz-208 [ClamAV]
  • TrojanDropper.Dapato.arth [CAT-QuickHeal]
  • Dropper.Generic4.BUSH [AVG]
  • W32/Agent.FRMFYWJ [Fortinet]
  • Trojan.Packed.22079 [DrWeb]
  • Trojan.Generic.6802152 [BitDefender]
  • probably a variant of Win32/Agent.GLCEYVM [NOD32]
  • Artemis!01DE3FDBBE50 [McAfee]
  • Trojan-FakeAV.Win32.Windef.qct [Kaspersky]

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:


