
WORM_OTORUN.ASH

Posted: October 5, 2011

Threat Metric

Threat Level: 5/10
Infected PCs: 19
First Seen: October 5, 2011
Last Seen: April 1, 2020
OS(es) Affected: Windows

WORM_OTORUN.ASH is a worm with dropper Trojan properties that allow it to install other forms of undesirable software onto your PC. Like most worms, WORM_OTORUN.ASH can copy itself to locations on your computer that are likely to come into contact with other computers, and may install itself automatically when an uninfected system accesses these locations. Although SpywareRemove.com malware experts have found that WORM_OTORUN.ASH doesn't contain any directly destructive traits, it does have the potential to cause high damage because it can install additional infections, and you should remove it as soon as possible. Use dedicated anti-malware software to delete WORM_OTORUN.ASH whenever possible, since it is a relatively advanced PC threat and can avoid standard uninstallation techniques.

WORM_OTORUN.ASH – A Slippery Worm Even in Safe Mode

The most common source of WORM_OTORUN.ASH infection is a removable drive or a directory that's shared on a local network. WORM_OTORUN.ASH will try to copy itself to these locations, hide the relevant files and then exploit Autorun.inf vulnerabilities to install itself whenever these locations are accessed. Accordingly, you should keep tight security around removable hard drives and network-shared folders to stop WORM_OTORUN.ASH from spreading to other computers.

WORM_OTORUN.ASH disguises itself as a font file and deletes its initially executed file to conceal its presence. Beyond that, WORM_OTORUN.ASH also spreads by using LNK vulnerabilities that are specific to Windows 2K, XP and Server 2003. SpywareRemove.com malware researchers strongly encourage you to keep Windows up-to-date to patch this vulnerability and limit WORM_OTORUN.ASH's ability to propagate.

Perhaps the most irksome aspect of WORM_OTORUN.ASH is its ability to run even in Safe Mode. This makes deleting WORM_OTORUN.ASH a particularly onerous task that requires both high-level anti-malware software and a great deal of patience, since you may need to reboot and scan your PC several times to be certain that all copies of WORM_OTORUN.ASH have been eradicated.

A Look at the Prospective Payload of a WORM_OTORUN.ASH Worm

SpywareRemove.com malware researchers have also noted WORM_OTORUN.ASH's ability to perform standard Trojan activities, including removal of network-related security, downloading malicious software and installing programs without permission. Potential WORM_OTORUN.ASH payloads can include:

  • Remote Administration Tools and backdoor Trojans that allow distant criminals to control your PC.
  • Spyware programs that record private information and send it to criminals to be used for a variety of illicit deeds, including identity theft and account hijacks.
  • Rogue programs that fake the features of security products or defraggers while trying to persuade you to spend money on their nonexistent benefits.

Due to WORM_OTORUN.ASH's ability to duplicate itself and its overall evasive nature, manual deletion of WORM_OTORUN.ASH isn't an ideal method of removal. Anti-malware scanners that are capable of dealing with high-level PC threats are the best way to remove WORM_OTORUN.ASH while also ensuring that your operating system isn't harmed in the process.

Technical Details

File System Modifications

Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.

The following files were created in the system:

  • spr.dll
    Size: 11.77 KB (11776 bytes)
    MD5: 02be880e5f7d7dd01531f6cae8112e01
    Detection count: 9
    File type: Dynamic link library
    Mime Type: unknown/dll
    Group: Malware file
    Last Updated: April 1, 2020
  • BKDR_TDSS.ASH
    Mime Type: unknown/ASH
    Group: Malware file
  • TROJ_OTORUN.SMF
    Mime Type: unknown/SMF
    Group: Malware file
  • LNK_OTORUN.SM
    Mime Type: unknown/SM
    Group: Malware file
  • EXPL_CPLNK.SM
    Mime Type: unknown/SM
    Group: Malware file
  • BKDR_TDSS.KARU
    Mime Type: unknown/KARU
    Group: Malware file
  • %User Temp%\srv{RANDOM CHARACTERS}.ini
    Mime Type: unknown/ini
    Group: Malware file

Registry Modifications

The following Registry values are newly created:

HKEY..\..\..\..{Subkeys}

  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv{RANDOM CHARACTERS}
  • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srv{RANDOM CHARACTERS}
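
Windows loads the drivers and services named under SafeBoot\Minimal when it boots into Safe Mode, which is consistent with the Safe Mode persistence described earlier. The following is an added example, not code from SpywareRemove.com: it scans the text of a `reg export` dump for srv-prefixed names under that key and reports whether a Services key of the same name exists. The name pattern, function names and sample export are assumptions constructed for illustration.

```python
import re

# Key paths listed under "Registry Modifications" on this page.
SAFEBOOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal"
SERVICES = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
# Assumption: the page only says srv{RANDOM CHARACTERS}; one or more
# alphanumeric characters after "srv" is a guess at that pattern.
NAME_RE = re.compile(r"^srv[0-9a-z]+$", re.IGNORECASE)

def subkeys(reg_text, parent):
    """Return the direct subkey names of `parent` found in .reg export text."""
    names = set()
    prefix = parent.lower() + "\\"
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            path = line[1:-1]
            if path.lower().startswith(prefix):
                names.add(path[len(prefix):].split("\\")[0])
    return names

def find_safeboot_srv(reg_text):
    """Flag srv* names registered for Safe Mode; note whether a service matches."""
    services = {n.lower() for n in subkeys(reg_text, SERVICES)}
    hits = []
    for name in sorted(subkeys(reg_text, SAFEBOOT)):
        if NAME_RE.match(name):
            hits.append((name, name.lower() in services))
    return hits

# Constructed sample export (not taken from an infected machine).
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv1a2b]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srv1a2b]
"ImagePath"="\\??\\C:\\constructed\\path\\example.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvnet]
"Start"=dword:00000003
"""

if __name__ == "__main__":
    for name, has_service in find_safeboot_srv(SAMPLE):
        print(f"SafeBoot\\Minimal\\{name}  matching service key: {has_service}")
```

A hit is a lead for inspection rather than a verdict; the srvnet service in the sample is not flagged because it has no SafeBoot\Minimal entry.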