AutoRun.AKFU_2 is a Worm. Worms spread from computer to computer, making copies of themselves over the network. They could spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. AutoRun.AKFU_2 is compressed using the executable packer and its file size is 12,800 bytes. It uses the network connection: - Connects to "unixdevelopemnt.info" on port 6667 (TCP).
- Connects to IRC server.
AutoRun.AKFU_2 drops the following files on the hard drive: - C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\Desktop.ini (62 bytes)
- C:\RECYCLER\k-1-3542-4232123213-7676767-8888886\hn.exe (12800 bytes)
It creates the following mutex to ensure only one instance is running: root_v_1. It also attempts to acquire the "SeDebugPrivilege" privileges, monitors the list of running processes.
|
