Virus Characteristics
This detection is for a worm. It attempts to spread to accessible drives by creating an autorun.inf file, which will run the worm automatically. Additional files may then be obtained to install additional malware.
Upon execution, the following registry keys are created:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B45FF030-4447-11D2-85DE-00C04FA35C89}
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E97E-E325-11CE-BFC1-08002BE10318}\v
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Class\{8ECC055D-047F-11D1-A537-0000F8753ED1}\0026
The following files are written to the root of writeable volumes:
The following files may also be added to an infected host:
%Root%\RECYCLER\[Recycler ID]\winmap32.exe
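
A triage check for the autorun.inf behaviour described above, as an added example that is not part of the original write-up: it parses the contents of an autorun.inf and flags launch entries that run from a RECYCLER folder or name winmap32.exe. The sample file contents, the Recycler ID and the function names are constructed for illustration; the page does not show the worm's actual autorun.inf.

```python
import re

# Keys in the [autorun] section that name a program to launch.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

def launch_targets(text):
    """Return (key, command) pairs from the [autorun] section of an autorun.inf."""
    section, found = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()  # section names are case-insensitive
            continue
        if section == "autorun" and "=" in line:
            key, _, value = line.partition("=")
            if LAUNCH_KEY.match(key.strip()):
                found.append((key.strip().lower(), value.strip()))
    return found

def suspicious(text, names=("winmap32.exe",)):
    """Flag launch commands that run from RECYCLER or use a file name from the page."""
    hits = []
    for key, cmd in launch_targets(text):
        parts = [p.lower() for p in re.split(r'[\\/"\s]+', cmd) if p]
        reasons = []
        if "recycler" in parts:
            reasons.append("runs from RECYCLER")
        if any(n in parts for n in names):
            reasons.append("known file name")
        if reasons:
            hits.append((key, cmd, reasons))
    return hits

# Constructed sample contents; the Recycler ID below is a placeholder.
SAMPLE = """\
; constructed sample, not taken from a real infection
[AutoRun]
open=RECYCLER\\S-1-5-21-0000\\winmap32.exe
shell\\open\\command=RECYCLER\\S-1-5-21-0000\\winmap32.exe
icon=%SystemRoot%\\system32\\shell32.dll,4
"""
BENIGN = "[autorun]\nopen=setup.exe\nicon=setup.ico\n"

if __name__ == "__main__":
    for key, cmd, reasons in suspicious(SAMPLE):
        print(f"{key}: {cmd} ({', '.join(reasons)})")
```
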

Contact may be initiated with the following domains: [Removed].info

All Users:
Use current engine and DAT files for detection and removal.
Modifications made to the system Registry and/or INI files for the purpose of hooking system startup will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).
Additional Windows ME/XP removal considerations
Disabling System Restore
Windows ME and XP utilize a restore utility that backs up selected files automatically to the C:\_Restore folder. This means that an infected file could be stored there as a backup file, and VirusScan will be unable to delete these files. You must disable the System Restore Utility...
