Worm.AutoRun.eav
Worm.AutoRun.eav is a worm that can duplicate itself and compromise your security to download and install other malicious programs without your consent. It creates a backdoor by opening ports and may also hide its activities behind spoofs of native memory processes. Some versions can also change your system settings to disable a variety of programs that could assist you in detecting or removing the worm. Like all backdoor Trojans, Worm.AutoRun.eav is a high-priority security threat, and you should remove it with appropriate anti-virus software the moment you catch it on your PC.
Worm.AutoRun.eav - A Worm That's Adept at Hiding
The majority of Worm.AutoRun.eav infections have been reported to take place in 2008 and 2009, although a Worm.AutoRun.eav infection is still a threat to even the most modern Windows computers. Networked computers and computers that share removable devices are particularly vulnerable to being infected by Worm.AutoRun.eav, since standard worm functions let Worm.AutoRun.eav copy itself to network-shared locations and removable drives for automatic installation later.
Worm.AutoRun.eav infections can also be detected with the following names: Trojan.Sockrypt.Gen, BackDoor-DOQ, Worm:Win32/SillyShareCopy.gen and Virus.Win32.Lineage.351. As some of these names indicate, in addition to being a worm, Worm.AutoRun.eav can also display properties of a backdoor Trojan.
Worm.AutoRun.eav creates files like ctfmon.exe and spools.exe that imitate the baseline Windows processes that you would expect to see on any PC. Check memory usage and file locations to see if a suspicious file or memory process is really part of Windows or instead a component of Worm.AutoRun.eav.
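The file-location check described above, as an added example (not code from the original page): it flags a process image whose name matches a Windows binary but sits in the wrong directory, and a name within two edits of a real one. The expected-path table assumes a default C:\Windows install, and the sample snapshot is constructed.

```python
import ntpath

SYS32, WOW64 = r"c:\windows\system32", r"c:\windows\syswow64"

# Assumed default locations of the genuine binaries (adjust for your build).
EXPECTED = {
    "ctfmon.exe": {SYS32, WOW64},
    "spoolsv.exe": {SYS32},
    "svchost.exe": {SYS32, WOW64},
    "explorer.exe": {r"c:\windows", WOW64},
}

def edit_distance(a, b):
    """Levenshtein distance, used to spot names a typo or two from a real one."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(image_path):
    """Return (verdict, detail) for one process image path."""
    directory, name = ntpath.split(image_path.lower())
    if name in EXPECTED:
        if directory in EXPECTED[name]:
            return "ok", name
        return "wrong-location", f"{name} expected under {', '.join(sorted(EXPECTED[name]))}"
    for known in EXPECTED:
        if edit_distance(name, known) <= 2:
            return "look-alike", f"{name} resembles {known}"
    return "unknown", name

def audit(paths):
    """Keep only the entries that need a closer look."""
    results = [(p, *classify(p)) for p in paths]
    return [r for r in results if r[1] in ("wrong-location", "look-alike")]

# Constructed sample snapshot of process image paths (not from a real host).
SAMPLE = [
    r"C:\Windows\System32\ctfmon.exe",
    r"C:\Windows\System32\spoolsv.exe",
    r"C:\Documents and Settings\user\Application Data\ctfmon.exe",
    r"C:\Windows\System32\spools.exe",
    r"C:\Program Files\Editor\editor.exe",
]

if __name__ == "__main__":
    for path, verdict, detail in audit(SAMPLE):
        print(f"{verdict:15} {path}  ({detail})")
```

A flagged entry is a lead for closer inspection of the file, not proof of infection.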
The Worm.AutoRun.eav Trojan That Shows Your Registry No Mercy
Worm.AutoRun.eav's Trojan attributes will attack your security by way of the Windows Registry, making additions and deletions that leave your PC ripe for attack by remote criminals.
- Worm.AutoRun.eav will open a TCP port on your computer to allow an unfettered flow of information both from and to your computer. This can allow criminals to attack and control the computer's every action from remote locations, or merely let the criminal install other malicious software such as keyloggers or rogue security programs.
- Other system settings will also be modified, partially to perfect Worm.AutoRun.eav's disguise and partially to disable certain programs, such as VMware. Worm.AutoRun.eav does this by changing the Windows Registry; although these changes don't harm the programs themselves, you may be unable to use the attacked programs until the Registry has been restored.
Apart from disabled programs, Worm.AutoRun.eav may give no obvious indication that it is active, but you should assume that any Worm.AutoRun.eav infection is working in the background until you've taken measures to stop it from starting.
File System Modifications
- The following files were created in the system:
Registry Modifications
- The following Registry values were newly created: