Worm:Win32/Vobfus.SO
Worm:Win32/Vobfus.SO is a worm that circulates via network drives and removable drives. Worm:Win32/Vobfus.SO may also download and run arbitrary files. When activated, Worm:Win32/Vobfus.SO replicates itself to certain locations. Worm:Win32/Vobfus.SO creates potentially malicious files on an infected computer. Worm:Win32/Vobfus.SO sets an 'autorun.inf' file in the root directory of the affected drive. Such 'autorun.inf' files contain execution instructions for the operating system, so when the removable drive is accessed from another computer supporting the Autorun feature, Worm:Win32/Vobfus.SO is initiated automatically. Worm:Win32/Vobfus.SO may contact a remote host at
Ns1.boxonline1.com using port 7001. Usually, Worm:Win32/Vobfus.SO may contact a remote host to download and run arbitrary files (involving updates or additional malware threats), to report a new infection to its author, to upload data taken from the targeted computer, to receive configuration or other data and to receive instructions from a remote attacker.
Technical Details
File System Modifications
Tutorials: If you wish to learn how to remove malware components manually, you can read the tutorials on how to find malware, kill unwanted processes, remove malicious DLLs and delete other harmful files. Always be sure to back up your PC before making any changes.
The following files were created in the system:[TARGETED DRIVE]:\sexy.exe
File name: [TARGETED DRIVE]:\sexy.exeFile type: Executable File
Mime Type: unknown/exe
[TARGETED DRIVE]:\porn.exe
File name: [TARGETED DRIVE]:\porn.exeFile type: Executable File
Mime Type: unknown/exe
[TARGETED DRIVE]:\secret.exe
File name: [TARGETED DRIVE]:\secret.exeFile type: Executable File
Mime Type: unknown/exe
[TARGETED DRIVE]:\subst.exe
File name: [TARGETED DRIVE]:\subst.exeFile type: Executable File
Mime Type: unknown/exe
[TARGETED DRIVE]:\qlmew.exe
File name: [TARGETED DRIVE]:\qlmew.exeFile type: Executable File
Mime Type: unknown/exe
[TARGETED DRIVE]:\passwords.exe
File name: [TARGETED DRIVE]:\passwords.exeFile type: Executable File
Mime Type: unknown/exe
C:\Documents and Settings\<username>\rcx1a.tmp
File name: C:\Documents and Settings\<username>\rcx1a.tmpFile type: Temporary File
Mime Type: unknown/tmp
C:\Documents and Settings\<username>\rcx1b.tmp
File name: C:\Documents and Settings\<username>\rcx1b.tmpFile type: Temporary File
Mime Type: unknown/tmp
C:\Documents and Settings\<username>\rcx1c.tmp
File name: C:\Documents and Settings\<username>\rcx1c.tmpFile type: Temporary File
Mime Type: unknown/tmp
C:\Documents and Settings\<username>\rcx1d.tmp
File name: C:\Documents and Settings\<username>\rcx1d.tmpFile type: Temporary File
Mime Type: unknown/tmp
C:\Documents and Settings\<username>\rcx1e.tmp
File name: C:\Documents and Settings\<username>\rcx1e.tmpFile type: Temporary File
Mime Type: unknown/tmp
C:\Documents and Settings\<username>\rcx1f.tmp
File name: C:\Documents and Settings\<username>\rcx1f.tmpFile type: Temporary File
Mime Type: unknown/tmp
C:\Documents and Settings\<username>\rcx10.tmp
File name: C:\Documents and Settings\<username>\rcx10.tmpFile type: Temporary File
Mime Type: unknown/tmp
C:\Documents and Settings\<username>\rcx11.tmp
File name: C:\Documents and Settings\<username>\rcx11.tmpFile type: Temporary File
Mime Type: unknown/tmp
C:\Documents and Settings\<username>\rcx12.tmp
File name: C:\Documents and Settings\<username>\rcx12.tmpFile type: Temporary File
Mime Type: unknown/tmp
C:\Documents and Settings\<username>\rcx13.tmp
File name: C:\Documents and Settings\<username>\rcx13.tmpFile type: Temporary File
Mime Type: unknown/tmp
C:\Documents and Settings\<username>\rcx14.tmp
File name: C:\Documents and Settings\<username>\rcx14.tmpFile type: Temporary File
Mime Type: unknown/tmp
C:\Documents and Settings\<username>\rcx15.tmp
File name: C:\Documents and Settings\<username>\rcx15.tmpFile type: Temporary File
Mime Type: unknown/tmp
C:\Documents and Settings\<username>\rcx16.tmp
File name: C:\Documents and Settings\<username>\rcx16.tmpFile type: Temporary File
Mime Type: unknown/tmp
C:\Documents and Settings\<username>\rcx17.tmp
File name: C:\Documents and Settings\<username>\rcx17.tmpFile type: Temporary File
Mime Type: unknown/tmp
C:\Documents and Settings\<username>\rcx18.tmp
File name: C:\Documents and Settings\<username>\rcx18.tmpFile type: Temporary File
Mime Type: unknown/tmp
C:\Documents and Settings\<username>\rcx19.tmp
File name: C:\Documents and Settings\<username>\rcx19.tmpFile type: Temporary File
Mime Type: unknown/tmp
C:\Documents and Settings\<username>\rcx20.tmp
File name: C:\Documents and Settings\<username>\rcx20.tmpFile type: Temporary File
Mime Type: unknown/tmp
C:\Documents and Settings\<username>\rcx21.tmp
File name: C:\Documents and Settings\<username>\rcx21.tmpFile type: Temporary File
Mime Type: unknown/tmp
C:\Documents and Settings\<username>\rcx22.tmp
File name: C:\Documents and Settings\<username>\rcx22.tmpFile type: Temporary File
Mime Type: unknown/tmp
C:\Documents and Settings\<username>\rcx23.tmp
File name: C:\Documents and Settings\<username>\rcx23.tmpFile type: Temporary File
Mime Type: unknown/tmp
Leave a Reply
Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter . If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.