
Worm:Win32/Vobfus.SO

Posted: September 3, 2013

Worm:Win32/Vobfus.SO is a worm that spreads via network drives and removable drives. It may also download and run arbitrary files. When activated, Worm:Win32/Vobfus.SO copies itself to certain locations and creates potentially malicious files on the infected computer. It places an 'autorun.inf' file in the root directory of the affected drive. Such 'autorun.inf' files contain execution instructions for the operating system, so when the removable drive is accessed from another computer that supports the Autorun feature, Worm:Win32/Vobfus.SO is launched automatically. Worm:Win32/Vobfus.SO may contact a remote host at Ns1.boxonline1.com using port 7001. Usually, Worm:Win32/Vobfus.SO may contact a remote host to download and run arbitrary files (including updates or additional malware threats), to report a new infection to its author, to upload data taken from the targeted computer, to receive configuration or other data, and to receive instructions from a remote attacker.

Technical Details

File System Modifications


The following files were created in the system:



File name: [TARGETED DRIVE]:\sexy.exe; File type: Executable File; Mime Type: unknown/exe
File name: [TARGETED DRIVE]:\porn.exe; File type: Executable File; Mime Type: unknown/exe
File name: [TARGETED DRIVE]:\secret.exe; File type: Executable File; Mime Type: unknown/exe
File name: [TARGETED DRIVE]:\subst.exe; File type: Executable File; Mime Type: unknown/exe
File name: [TARGETED DRIVE]:\qlmew.exe; File type: Executable File; Mime Type: unknown/exe
File name: [TARGETED DRIVE]:\passwords.exe; File type: Executable File; Mime Type: unknown/exe
File name: C:\Documents and Settings\<username>\rcx1a.tmp; File type: Temporary File; Mime Type: unknown/tmp
File name: C:\Documents and Settings\<username>\rcx1b.tmp; File type: Temporary File; Mime Type: unknown/tmp
File name: C:\Documents and Settings\<username>\rcx1c.tmp; File type: Temporary File; Mime Type: unknown/tmp
File name: C:\Documents and Settings\<username>\rcx1d.tmp; File type: Temporary File; Mime Type: unknown/tmp
File name: C:\Documents and Settings\<username>\rcx1e.tmp; File type: Temporary File; Mime Type: unknown/tmp
File name: C:\Documents and Settings\<username>\rcx1f.tmp; File type: Temporary File; Mime Type: unknown/tmp
File name: C:\Documents and Settings\<username>\rcx10.tmp; File type: Temporary File; Mime Type: unknown/tmp
File name: C:\Documents and Settings\<username>\rcx11.tmp; File type: Temporary File; Mime Type: unknown/tmp
File name: C:\Documents and Settings\<username>\rcx12.tmp; File type: Temporary File; Mime Type: unknown/tmp
File name: C:\Documents and Settings\<username>\rcx13.tmp; File type: Temporary File; Mime Type: unknown/tmp
File name: C:\Documents and Settings\<username>\rcx14.tmp; File type: Temporary File; Mime Type: unknown/tmp
File name: C:\Documents and Settings\<username>\rcx15.tmp; File type: Temporary File; Mime Type: unknown/tmp
File name: C:\Documents and Settings\<username>\rcx16.tmp; File type: Temporary File; Mime Type: unknown/tmp
File name: C:\Documents and Settings\<username>\rcx17.tmp; File type: Temporary File; Mime Type: unknown/tmp
File name: C:\Documents and Settings\<username>\rcx18.tmp; File type: Temporary File; Mime Type: unknown/tmp
File name: C:\Documents and Settings\<username>\rcx19.tmp; File type: Temporary File; Mime Type: unknown/tmp
File name: C:\Documents and Settings\<username>\rcx20.tmp; File type: Temporary File; Mime Type: unknown/tmp
File name: C:\Documents and Settings\<username>\rcx21.tmp; File type: Temporary File; Mime Type: unknown/tmp
File name: C:\Documents and Settings\<username>\rcx22.tmp; File type: Temporary File; Mime Type: unknown/tmp
File name: C:\Documents and Settings\<username>\rcx23.tmp; File type: Temporary File; Mime Type: unknown/tmp

Additional Information

The following URLs were detected:
Ns1.boxonline1.com