AutoRun.EGW is a Worm. Worms spread from computer to computer, making copies of themselves over the network. They could spread over email, IM, peer-to-peer networks, or directly over the wire by leveraging vulnerabilities. AutoRun.EGW is compressed using the executable packer and its file size is 40,960 bytes. It also changes Windows registry: - Creates value "PHIME2002A"="C:\WINDOWS\System\svchost.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
- Creates value "PHIME2002ASync"="C:\WINDOWS\System\dumprep.exe" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".
It creates the following mutex to ensure only one instance is running: S-11-13-2007-DEMON. S-11-13-2007-ANGEL. It also is executed every time Windows starts.
|
