Worm program Worm.Win32.Autorun.DG: Solution

Source: Internet
Author: User


Virus name

Worm.Win32.Autorun.DG

Capture Time

2007-10-14

Virus symptoms

The virus is a worm program written in Delphi. It is 25,600 bytes in length, uses the regular executable file icon, and has the file extension .exe.

Virus analysis

After the worm is activated, it generates the file internat.exe in the %SystemRoot%\system directory, which is started with the system in c:\Documents and Settings\All Users\Application Data\hosts. It connects to a malicious website, generates the files iehelp.ini and iehelp.exe in the local directory c:\Documents and Settings\All Users\Application Data, and injects itself into the system explorer.exe process. It uses the command line to collect information on all *.EXE files on every partition except drive C, stores that list in the file %SystemRoot%\win.log, and infects files according to the list. It traverses all drive letters and generates Autorun.inf and setup.exe in the root directory of each local disk and removable storage device, trying to use the Windows AutoPlay function to propagate. It checks whether a debugger is running in the system to prevent debugging, and it looks for local area network shares, trying to spread through the local area network.

The registry key modified by the virus:
Item: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
Key value: ieserver
Points to file: assumer.exe

The autorun.inf content is as follows:
[Autorun]
open=setup.exe
shellexecute=setup.exe
shell\open(&O)\command=setup.exe
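
For triage of removable media, the following added example (not part of the original write-up) parses an autorun.inf and reports every [autorun] entry that makes Windows launch an executable, which is the pattern in the listing above. The function name audit_autorun and both sample files are constructed for illustration.

```python
import re

# Keys in the [autorun] section that cause Windows to launch a program.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)
# Value extensions treated as executable content for this check.
EXECUTABLE = re.compile(r"\.(exe|com|scr|pif|bat|cmd|vbs|js)\b", re.I)


def audit_autorun(text):
    """Return (key, value) pairs in [autorun] that launch an executable."""
    findings = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            # Section names are case-insensitive: [Autorun] == [autorun]
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if LAUNCH_KEY.match(key) and EXECUTABLE.search(value):
            findings.append((key.lower(), value))
    return findings


# Constructed sample modelled on the listing in this write-up.
SAMPLE_WORM = """[Autorun]
open=setup.exe
shellexecute=setup.exe
shell\\open(&O)\\command=setup.exe
"""

# Constructed benign file: only sets a volume label and an icon.
SAMPLE_BENIGN = """[autorun]
label=Backup
icon=drive.ico
"""

if __name__ == "__main__":
    for name, text in (("worm", SAMPLE_WORM), ("benign", SAMPLE_BENIGN)):
        print(name, audit_autorun(text))
```
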

Affected systems

Windows 98/Windows ME/Windows 2000/Windows XP/Windows 2003

Propagation channels

File infection and removable storage

Security advice

If you have installed the Micropoint active defense software, it can effectively defend against the worm whether or not you have upgraded to the latest version. If you have not upgraded to the latest version, then when the software detects the virus it raises an alarm reporting "discover unknown spies". Choose to delete the program directly (Figure 1).

Figure 1

If you have upgraded the Micropoint active defense software to the latest version, it raises an alarm reporting that it has found "Worm.Win32.Autorun.DG". Select Delete (Figure 2).

Figure 2

If you are using other anti-virus software, upgrade its signature library to the latest version as soon as possible to scan for and remove the worm, and enable the firewall to block abnormal network access. If there are still exceptions, contact a professional security software vendor promptly to obtain technical support.

If you do not have the Micropoint active defense software installed, we recommend that you install it as soon as possible.
