Worm.Win32.AutoRun.bkxp

Posted: October 13, 2010

Worm.Win32.AutoRun.bkxp is a network-aware worm that attempts to replicate across the existing network. It makes use of a program that downloads files to the local computer, which may represent a security risk, as it is capable of modifying other files by infecting, prepending to, or overwriting them with its own body. Use a reliable malware remover to make sure your PC is free from Worm.Win32.AutoRun.bkxp.

File System Modifications

  • The following files were created in the system:

Registry Modifications

  • The following Registry values were newly created: