## Sonicwall Signatures

Go to All Categories list.

 AutoRun.WJI
 AutoRun.WJIis a Worm. Autorun is a family of Worms that spreads by copying itself to network shares and removable drives. Some variants of this family are also capable of adding themselves to archive files on the victim machine. They are known to download additional malicious components to further damage the victims system. Process Related Changes It creates the following mutex(es): "IESQMMUTEX_0_208" It creates the following process(es): c:\Program Files\Internet Explorer\iexplore.exe [ \c:\Program Files\Internet Explorer\iexplore.exe -nohome ] Network Activity We observed the following DNS query/queries: www.microsoft.com Network Activity It attempts to connect to the following remote servers: 79.135xxxxxx:8081 79.135xxxxxx:8080 Registry Related Changes It makes the following registry modifications to ensure infection after system reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost = C:\windows\temp\7f927540312f18e6cf7d66e0019d72ed.exe