VBS_AUTORUN.AONN
Worm:VBS/HiLink.A (Microsoft), Worm/AutoRun (AVG), VBS/Solow.CN (Panda)
Windows
Tipo di minaccia informatica:
Worm
Distruttivo?:
No
Crittografato?:
In the wild::
Sì
Panoramica e descrizione
Elimina entradas de registro para causar el funcionamiento incorrecto de aplicaciones y programas.
Dettagli tecnici
Otras modificaciones del sistema
Agrega las siguientes entradas de registro:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
txtfile\shell\open\
command
(Default) = "%SystemRoot%\System32\WScript.exe "{malware path and filename}" %1 %* "
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
txtfile\shell\open\
command
(Default) = "%SystemRoot%\System32\WScript.exe "{malware path and filename}" %1 %* "
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
inifile\shell\open\
command
(Default) = "%SystemRoot%\System32\WScript.exe "{malware path and filename}" %1 %* "
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
inffile\shell\open\
command
(Default) = "%SystemRoot%\System32\WScript.exe "{malware path and filename}" %1 %* "
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
batfile\shell\open\
command
(Default) = "%SystemRoot%\System32\WScript.exe "{malware path and filename}" %1 %* "
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
cmdfile\shell\open\
command
(Default) = "%SystemRoot%\System32\WScript.exe "{malware path and filename}" %1 %* "
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
regfile\shell\open\
command
(Default) = "%SystemRoot%\System32\WScript.exe "{malware path and filename}" %1 %* "
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
chm.file\shell\open\
command
(Default) = "%SystemRoot%\System32\WScript.exe "{malware path and filename}" %1 %* "
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
chm.file\shell\open\
command
(Default) = "%SystemRoot%\System32\WScript.exe "{malware path and filename}" %1 %* "
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
hlpfile\shell\open\
command
(Default) = "%SystemRoot%\System32\WScript.exe "{malware path and filename}" %1 %* "
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\
Applications\iexplore.exe\shell\
open\command
(Default) = "%SystemRoot%\System32\WScript.exe "{malware path and filename}" OIE "
HKEY_CLASSES_ROOT\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\
shell\OpenHomePage\Command
(Default) = "%SystemRoot%\System32\WScript.exe "{malware path and filename}" OIE "
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\
shell\open\command
(Default) = "%SystemRoot%\System32\WScript.exe "{malware path and filename}" OMC "
HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\
shell\explore\command
(Default) = "%SystemRoot%\System32\WScript.exe "{malware path and filename}" EMC "
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Advanced\Folder\Hidden\
NOHIDDEN
CheckedValue = "3"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\
Windows\CurrentVersion\Explorer\
Advanced\Folder\Hidden\
SHOWALL
CheckedValue = "2"
HKEY_CURRENT_USER\Software\Microsoft\
Windows\CurrentVersion\Policies\
Explorer
NoDriveTypeAutoRun = "0"
Elimina las siguientes entradas de registro:
HKEY_CLASSES_ROOT\lnkfile
IsShortcut =