Posted: December 5, 2012

Worm:Win32/Vobfus.MD Description

Worm:Win32/Vobfus.MD is a worm that proliferates via network and removable drives and downloads other malware threats from a remote server. Once installed, Worm:Win32/Vobfus.MD drops potentially malicious files in the root folders of network and removable drives. Worm:Win32/Vobfus.MD also makes registry modifications. When executed, Worm:Win32/Vobfus.MD downloads a copy of itself as an executable file (.exe). Worm:Win32/Vobfus.MD modifies the certain registry entry to assure that its copy loads every time you start Windows. Worm:Win32/Vobfus.MD replicates itself to the root folder of all available network and removable drives. Worm:Win32/Vobfus.MD also sets an 'autorun.inf' file in the root directory of the affected drive. An 'autorun.inf' file contains instructions for the operating system so that when the removable drive is accessed, Worm:Win32/Vobfus.MD may be executed automatically. Worm:Win32/Vobfus.MD strives to contact the remote server to receive instructions. Worm:Win32/Vobfus.MD modifies computer settings of the infected PC by modifying the certain registry entry to block the display of files that have 'SYSTEM' and 'HIDDEN' attributes. Worm:Win32/Vobfus.MD also modifies the certain registry entry to disable the Automatic Updates feature of your computer.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Worm:Win32/Vobfus.MD may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Technical Details

Registry Modifications

The following newly produced Registry Values are:

HKEY..\..\{Value}HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced "ShowSuperHidden" = "0"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "peuolig" = "C:\Users\[user name]\peuolig.exe /n"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run "[malware file name]" = "%USERPROFILE%\[malware file name] /[random parameter]"HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU "NoAutoUpdate" = "1"
Home Malware Programs Worms Worm:Win32/Vobfus.MD

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.