AutoRun.WJIis a Worm. Autorun is a family of Worms that spreads by copying itself to network shares and removable drives. Some variants of this family are also capable of adding themselves to archive files on the victim machine. They are known to download additional malicious components to further damage the victims system.
Process Related Changes
It creates the following mutex(es):
It creates the following process(es):
- c:\Program Files\Internet Explorer\iexplore.exe [ \c:\Program Files\Internet Explorer\iexplore.exe -nohome ]
Network Activity
We observed the following DNS query/queries:
Network Activity
It attempts to connect to the following remote servers:
- 79.135xxxxxx:8081
- 79.135xxxxxx:8080
Registry Related Changes
It makes the following registry modifications to ensure infection after system reboot:
- HKCU\Software\Microsoft\Windows\CurrentVersion\Run\svchost = C:\windows\temp\7f927540312f18e6cf7d66e0019d72ed.exe
|
