WORM_OTORUN.ASH
Posted: October 5, 2011
Threat Metric
| Field | Value |
|---|---|
| Threat Level | 5/10 |
| Infected PCs | 19 |
| First Seen | October 5, 2011 |
| Last Seen | April 1, 2020 |
| OS(es) Affected | Windows |
WORM_OTORUN.ASH is a worm with dropper Trojan properties that allow it to install other forms of undesirable software onto your PC. Like most worms, WORM_OTORUN.ASH can copy itself to locations on your computer that other computers are likely to access, and it may install itself automatically when an uninfected system opens those locations. Although SpywareRemove.com malware experts have found that WORM_OTORUN.ASH doesn't contain any directly destructive traits, it does have the potential to cause high damage because it can install additional infections, and you should remove WORM_OTORUN.ASH as soon as possible. Use dedicated anti-malware software to delete WORM_OTORUN.ASH whenever possible, since WORM_OTORUN.ASH is a relatively advanced PC threat and can avoid standard uninstallation techniques.
WORM_OTORUN.ASH – A Slippery Worm Even in Safe Mode
The most common source of WORM_OTORUN.ASH infection is via a removable drive device or a directory that's shared on a local network. WORM_OTORUN.ASH will try to copy itself to these locations, hide the relevant files and then exploit Autorun.inf vulnerabilities to install itself whenever these locations are accessed. Accordingly, you should keep tight security around removable hard drives or network-shared folders to stop WORM_OTORUN.ASH from spreading to other computers.
WORM_OTORUN.ASH disguises itself as a font file and deletes the file that was initially executed to conceal its presence. Beyond that, WORM_OTORUN.ASH will also spread itself by using LNK vulnerabilities that are specific to Windows 2K, XP and Server 2003. SpywareRemove.com malware researchers strongly encourage you to keep Windows up-to-date to patch out this vulnerability and limit WORM_OTORUN.ASH's ability to propagate.
Perhaps the most irksome aspect of WORM_OTORUN.ASH is its ability to run even in Safe Mode. This makes deleting WORM_OTORUN.ASH a particularly onerous task that requires both high-level anti-malware software and a great deal of patience, since you may need to reboot and scan your PC several times to be certain that all copies of WORM_OTORUN.ASH have been eradicated.
A Look at the Prospective Payload of a WORM_OTORUN.ASH Worm
SpywareRemove.com malware researchers have also noted WORM_OTORUN.ASH's ability to perform standard Trojan activities, including removal of network-related security, downloading malicious software and installing programs without permission. Potential WORM_OTORUN.ASH payloads can include:
- Remote Administration Tools and backdoor Trojans that allow distant criminals to control your PC.
- Spyware programs that record private information and send it to criminals to be used for a variety of illicit deeds, including identity theft and account hijacks.
- Rogue programs that fake the features of security products or defraggers while trying to persuade you to spend money on their nonexistent benefits.
Due to WORM_OTORUN.ASH's ability to duplicate itself and its overall evasive nature, manual deletion of WORM_OTORUN.ASH isn't an ideal method of removal. Anti-malware scanners that are capable of dealing with high-level PC threats are the best way to remove WORM_OTORUN.ASH while also ensuring that your operating system isn't harmed in the process.
Technical Details
File System Modifications
The following files were created in the system:
- spr.dll
  - Size: 11.77 KB (11776 bytes)
  - MD5: 02be880e5f7d7dd01531f6cae8112e01
  - Detection count: 9
  - File type: Dynamic link library
  - Mime Type: unknown/dll
  - Group: Malware file
  - Last Updated: April 1, 2020
- BKDR_TDSS.ASH
  - Mime Type: unknown/ASH
  - Group: Malware file
- TROJ_OTORUN.SMF
  - Mime Type: unknown/SMF
  - Group: Malware file
- LNK_OTORUN.SM
  - Mime Type: unknown/SM
  - Group: Malware file
- EXPL_CPLNK.SM
  - Mime Type: unknown/SM
  - Group: Malware file
- BKDR_TDSS.KARU
  - Mime Type: unknown/KARU
  - Group: Malware file
- %User Temp%\srv{RANDOM CHARACTERS}.ini
  - Mime Type: unknown/ini
  - Group: Malware file
Registry Modifications
HKEY..\..\..\..{Subkeys}
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv{RANDOM CHARACTERS}
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srv{RANDOM CHARACTERS}
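A subkey under SafeBoot\Minimal tells Windows to load the service or driver of that name during a minimal Safe Mode boot, which is why the srv{RANDOM CHARACTERS} entries listed above matter for cleanup. The following is an added example, not code from this page or from SpyHunter: a triage check over the text of a `reg export` that flags srv-prefixed names registered for Safe Mode and pairs each with its Services entry. The allowlist of stock driver names and the sample export (including the name srvq7x2 and its path) are assumptions constructed for illustration.

```python
import re

MINIMAL = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal"
SERVICES = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"
# Assumption: stock Windows drivers whose names also begin with "srv"; extend per baseline.
ALLOWLIST = {"srv", "srv2", "srvnet"}
# Constructed sample of `reg export` text; the srvq7x2 name and its path are made up.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srvq7x2]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvq7x2]
"ImagePath"="\\??\\C:\\Example\\constructed.sys"
'''

def parse_reg(text):
    """Map lower-cased key path -> {value name: string data}; non-string data is skipped."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = re.fullmatch(r"\[(.+)\]", line)
        value = re.fullmatch(r'(@|"[^"]+")="(.*)"', line)
        if header:
            current = keys.setdefault(header.group(1).lower(), {})
        elif value and current is not None:
            current[value.group(1).strip('"')] = value.group(2).replace("\\\\", "\\")
    return keys

def safe_mode_srv_entries(text):
    """List srv* names registered for Safe Mode (minimal) that are not in the allowlist."""
    keys = parse_reg(text)
    prefix = MINIMAL.lower() + "\\"
    findings = []
    for path, values in sorted(keys.items()):
        name = path[len(prefix):]
        if (not path.startswith(prefix) or "\\" in name
                or not name.startswith("srv") or name in ALLOWLIST):
            continue  # keep only direct subkeys named srv*, minus the allowlist
        service = keys.get(SERVICES.lower() + "\\" + name)
        findings.append({"name": name, "safeboot_type": values.get("@"),
                         "has_service_key": service is not None,
                         "image_path": (service or {}).get("ImagePath")})
    return findings

if __name__ == "__main__":
    print(safe_mode_srv_entries(SAMPLE_EXPORT))
```

`reg export` writes UTF-16 text, so read the file with `encoding="utf-16"` before passing it in; an `ImagePath` exported as `hex(2):` data is not decoded by this parser and shows up as `None`.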