
Win32.HLLW.Autoruner.64548

Posted: May 17, 2012

Threat Metric

Threat Level: 5/10
Infected PCs: 12
First Seen: May 17, 2012
OS(es) Affected: Windows

Win32.HLLW.Autoruner.64548 is a worm with some capabilities that are common to backdoor Trojans, such as being able to configure its behavior or download malicious files via remote Command & Control servers. Along with having all of these features and typical worm propagation attacks, Win32.HLLW.Autoruner.64548 has also earned a minor place in the hall of malware infamy for its ability to infect .rar files (an archive format that's a popular alternative to .zip files). SpywareRemove.com malware experts encourage you to scan your PC after any potential Win32.HLLW.Autoruner.64548 infection, but especially warn against allowing Win32.HLLW.Autoruner.64548 to spread through the aforementioned archive files, local network-shared directories or removable HD devices. You should delete Win32.HLLW.Autoruner.64548 with a suitable anti-malware product after you've confirmed its presence on your PC, since Win32.HLLW.Autoruner.64548 poses the same risk to your computer as any backdoor Trojan or worm, and can quickly complicate an infection by installing other PC threats.

Win32.HLLW.Autoruner.64548: A Worm from Russia with Loathing

Win32.HLLW.Autoruner.64548 was first detected by Russian PC security companies in mid-May of 2012, and as a recently-identified worm, may be undetectable by anti-malware programs that haven't had their databases updated. Like almost all worms, Win32.HLLW.Autoruner.64548 can use a simple Autorun-based exploit to spread to other computers; this exploit lets Win32.HLLW.Autoruner.64548 automatically install itself on any computer that accesses an infected PC's hard drive via a network or shares a removable hard drive device with such a computer. Accordingly, SpywareRemove.com malware experts encourage a quarantine on Win32.HLLW.Autoruner.64548 as the first step to stopping a propagating Win32.HLLW.Autoruner.64548 infection, and don't recommend that you have any contact with the above contamination points until Win32.HLLW.Autoruner.64548 has been deleted by some form of appropriate security software.

Win32.HLLW.Autoruner.64548 also hides its library component in the Windows folder while Win32.HLLW.Autoruner.64548 loads the rest of its code into your PC's memory, which makes manual detection or deletion of Win32.HLLW.Autoruner.64548 predictably difficult. Like all worms, Win32.HLLW.Autoruner.64548 is also likely to create multiple copies of itself that are hidden in various locations, such as your PC's root drive. After being launched, Win32.HLLW.Autoruner.64548 will attempt to contact a remote server to receive configuration data, but Win32.HLLW.Autoruner.64548 may also use this server to download and install other PC threats or send private information to it.

What's Special About Win32.HLLW.Autoruner.64548's Love of Archives

While Win32.HLLW.Autoruner.64548's Command & Control server-based attacks can be considered the worst of its capabilities, SpywareRemove.com malware researchers have also turned wary eyes to Win32.HLLW.Autoruner.64548's ability to infect RAR files. Although the copies of Win32.HLLW.Autoruner.64548 that sit outside of such archives are almost certain to be concealed, Win32.HLLW.Autoruner.64548 infects these archives by adding files that should be visible in any RAR-compatible file-viewing program. Common file names for the files that Win32.HLLW.Autoruner.64548 adds to RAR archives include key generator names (such as Avast_keygen.exe), generic names like Tutorial.exe and even names that reference popular game exploits like Warcraft_money.exe. Unusual files that appear to be added to your RAR archives without your consent should always be viewed with suspicion, and, if possible, should be scanned with a good anti-malware product.
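A check for the archive tampering described above, as an added example that is not part of the original article: it walks the block headers of a RAR 4.x archive without unpacking anything and reports .exe members whose names match the file names listed on this page. The function names and the sample archive are constructed for illustration; RAR5, self-extracting and header-encrypted archives are assumed to be out of scope.

```python
import struct

RAR4_MAGIC = b"Rar!\x1a\x07\x00"
# Names this page lists for the files the worm adds (compared case-insensitively).
LISTED = {n.lower() for n in (
    "Autoruns.exe", "Avast_keygen.exe", "AVIRA_License.exe", "CS16.exe",
    "Keygen.exe", "private.exe", "Readme.exe", "Real.exe", "secret.exe",
    "Tutorial.exe", "Update.exe", "Warcraft_money.exe")}

def rar4_member_names(data):
    """List member names by walking RAR 4.x block headers (no decompression)."""
    if not data.startswith(RAR4_MAGIC):
        raise ValueError("not a RAR 4.x archive")
    names, pos = [], len(RAR4_MAGIC)
    while pos + 7 <= len(data):
        _crc, htype, flags, hsize = struct.unpack_from("<HBHH", data, pos)
        if hsize < 7 or pos + hsize > len(data) or htype == 0x7B:
            break  # corrupt/truncated header, or end-of-archive block
        head = data[pos:pos + hsize]
        skip = struct.unpack_from("<I", head, 7)[0] if flags & 0x8000 and hsize >= 11 else 0
        if htype == 0x74 and hsize >= 32:  # file header
            name_len, off = struct.unpack_from("<H", head, 26)[0], 32
            if flags & 0x0100 and hsize >= 40:  # 64-bit sizes precede the name
                skip |= struct.unpack_from("<I", head, 32)[0] << 32
                off = 40
            raw = head[off:off + name_len].split(b"\x00")[0]
            names.append(raw.decode("utf-8", "replace"))
        pos += hsize + skip  # skip header plus packed data
    return names

def flag_members(data):
    """Split .exe members into page-listed names and other executables."""
    listed, other = [], []
    for name in rar4_member_names(data):
        base = name.replace("\\", "/").rsplit("/", 1)[-1].lower()
        if base in LISTED:
            listed.append(name)
        elif base.endswith(".exe"):
            other.append(name)
    return {"listed": listed, "other_exe": other}

def _file_block(name, payload=b""):
    """Constructed, uncompressed ("stored") file block; CRC fields are left zero."""
    n = name.encode()
    fixed = struct.pack("<IIBIIBBHI", len(payload), len(payload), 2, 0, 0, 20, 0x30, len(n), 0x20)
    return struct.pack("<HBHH", 0, 0x74, 0x8000, 32 + len(n)) + fixed + n + payload

# Constructed sample: main header, then two files, one named as on this page.
SAMPLE = (RAR4_MAGIC + struct.pack("<HBHHHI", 0, 0x73, 0, 13, 0, 0)
          + _file_block("notes.txt", b"hello") + _file_block("docs\\Tutorial.exe", b"MZ"))
```

Running flag_members over an archive before and after a suspected infection shows whether executable members appeared that you did not add; a name match is only a lead, and the member should still be scanned.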

Since Win32.HLLW.Autoruner.64548 exhibits a range of problematic traits that include potentially downloading other types of malicious programs, you should always scan your computer as thoroughly as possible if you suspect a potential Win32.HLLW.Autoruner.64548 infection. SpywareRemove.com malware experts warn that other than the aforementioned file changes to RAR files, you may not see any significant symptoms of Win32.HLLW.Autoruner.64548's attacks.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:



File name: Autoruns.exe | File type: Executable File | Mime Type: unknown/exe | Group: Malware file
File name: Avast_keygen.exe | File type: Executable File | Mime Type: unknown/exe | Group: Malware file
File name: AVIRA_License.exe | File type: Executable File | Mime Type: unknown/exe | Group: Malware file
File name: CS16.exe | File type: Executable File | Mime Type: unknown/exe | Group: Malware file
File name: Keygen.exe | File type: Executable File | Mime Type: unknown/exe | Group: Malware file
File name: private.exe | File type: Executable File | Mime Type: unknown/exe | Group: Malware file
File name: Readme.exe | File type: Executable File | Mime Type: unknown/exe | Group: Malware file
File name: Real.exe | File type: Executable File | Mime Type: unknown/exe | Group: Malware file
File name: secret.exe | File type: Executable File | Mime Type: unknown/exe | Group: Malware file
File name: Tutorial.exe | File type: Executable File | Mime Type: unknown/exe | Group: Malware file
File name: Update.exe | File type: Executable File | Mime Type: unknown/exe | Group: Malware file
File name: Warcraft_money.exe | File type: Executable File | Mime Type: unknown/exe | Group: Malware file