Home > Others

Encountered worm. usbspy. A/worm. win32.delf. AJ

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

EndurerOriginal

2006-01Version

A friend of mine sent his mobile hard disk to a computer and used it normally in the morning. However, there was an error message about data protection in the afternoon.

This friend's computer uses Win XP SP2. Because it is not connected to the Internet, he cannot download software such as hijackthis from the Internet for analysis.

The task manager finds a process named wincfgs.exe. the icon is a yellow question mark, which is suspicious and stops.

Open the Command Prompt window to search for files:
/------------
C:/Documents and Settings/user> attrib/wincfgs *. */s
Shr c:/Windows/system32/wincfgs.exe
------------/
The file is stored in C:/Windows/system32 and has system, hidden, and read-only attributes. It is backed up by WinRAR and deleted.

Open the Registry Editor and search for items that contain "wincfgs ".
/------------
[HKEY_CURRENT_USER/software/Microsoft/Windows NT/CurrentVersion/Windows]
"Load" = "C: // windows // system32 // wincfgs.exe"
------------/

Check the mobile hard disk and find autorun. inf in the root directory. The file content is as follows:
/----------
[Autorun]
Open =./recycler/autorun.exe

Shell/1 = open
Shell/1/command =./recycler/autorun.exe
Shell/2/= Browser
Shell/2/command =./recycler/autorun.exe

ShellExecute =./recycler/autorun.exe
----------/
A file named autorun.exe is hidden in the recycle bin.
By using fccommand, autorun.exe is exactly the same as wincfgs.exe.

RisingWorm. usbspy..

Status: finished

Complete scanning result of "wincfgs.exe", received in virustotal at 09.12.2006, 06:40:13 (CET ).

Antivirus Version Update Result
AntiVir 7.1.1.16 09.11.2006 Worm/Delf. aj.1
Authentium 4.93.8 09.11.2006 W32/sillyworm. Re
Avast 4.7.844.0 09.11.2006 Win32: Delf-aqt
AVG 386 09.11.2006 Worm/Delf. GW
BitDefender 7.2 09.12.2006 Trojan. Agent. AAE
Cat-quickheal 8.00 09.11.2006 Worm. Delf. AJ
ClamAV Devel-20060426 09.12.2006 Worm. Delf-21
Drweb 4.33 09.11.2006 Trojan. muldrop.3780
ETrust-inoculateit 23.72.122 09.12.2006 Win32/usbspy.1pk! Trojan
ETrust-vet 30.3.3071 09.11.2006 Win32/bypuss.
Ewido 4.0 09.11.2006 Worm. Delf. AJ
Fortinet 2.77.0.0 09.11.2006 W32/Delf. AJ! Worm
F-Prot 3.16f 09.11.2006 W32/sillyworm. Re
F-Prot4 4.2.1.29 09.11.2006 W32/sillyworm. Re
Ikarus 0.2.65.0 09.11.2006 No virus found
Kaspersky 4.0.2.24 09.12.2006 Worm. win32.delf. AJ
McAfee 4849 09.11.2006 Generic MultiDropper. B
Microsoft 1.1560 09.12.2006 No virus found
Nod32v2 1.1750 09.11.2006 Win32/Delf. AJ
Norman 5.90.23 09.11.2006 W32/Delf. Omo
Panda 9.0.0.4 09.11.2006 Adware/look2me
Sophos 4.09.0 09.11.2006 W32/Delf-Crk
Symantec 8.0 09.12.2006 No virus found
Thehacker 5.9.8.209 09.11.2006 W32/Delf. AJ
Una 1.83 09.11.2006 Worm. win32.delf
Vba32 3.11.1 09.12.2006 Worm. win32.delf. AJ
Virusbuster 4.3.7: 9 09.11.2006 Worm. Delf. azx

Aditional Information

File Size: 47104 bytes

MD5: 07adddef653a702b9a11edbcee07e82b

Sha1: 97729f6df1cd96b61e3e2bc1a841adf1720e2ec5

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
koobface worm worm eradicator worm boots cartoon worm worm spyware computer worm trojan worm removal

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More