WORM_DROPPER.DI
Worm:Win32/Ainslot.H (Microsoft), Trojan.Malcol (Symantec), Win32/VB.NYG worm (ESET), W32/Cosmu.BCCY!tr (Fortinet)
Windows 2000, Windows Server 2003, Windows XP (32-bit, 64-bit), Windows Vista (32-bit, 64-bit), Windows 7 (32-bit, 64-bit)
![](/vinfo/imgFiles/legend.jpg)
Threat Type: Worm
Destructiveness: No
Encrypted:
In the wild: Yes
OVERVIEW
This worm arrives by connecting affected removable drives to a system.
TECHNICAL DETAILS
3,567,616 bytes
EXE
No
19 Aug 2013
Arrival Details
This worm arrives by connecting affected removable drives to a system.
Installation
This worm drops the following copies of itself into the affected system:
- %Windows%\New Folder(2).exe
(Note: %Windows% is the Windows folder, which is usually C:\Windows.)
Autostart Technique
This worm drops the following file(s) in the Windows User Startup folder to enable its automatic execution at every system startup:
- %User Startup%\New Folder(2).exe
(Note: %User Startup% is the current user's Startup folder, which is usually C:\Windows\Profiles\{user name}\Start Menu\Programs\Startup on Windows 98 and ME, C:\WINNT\Profiles\{user name}\Start Menu\Programs\Startup on Windows NT, and C:\Documents and Settings\{User name}\Start Menu\Programs\Startup.)
Propagation
This worm drops the following copy of itself in all physical and removable drives:
- New Folder(2).exe