Tuesday, September 27, 2011

Win32.AutoIt – Its Harms


As I have always said, I have learned a lot of important things since the day I started working at this software development company. Continuing my last post on the virus Win32.AutoIt, today I will write about the harm it does to a system.



This worm copies its executable file to the root of all write-accessible removable storage devices under the name New Folder.exe, and this is the visible symptom by which you can tell whether your system is infected by the worm or not. Not only that, this virus also drops the following malicious files:
  1. %Windows%\RVHOST.EXE
  2. %System%\RVHOST.EXE (both of these are copies of the virus itself)
Technically, when launched, the worm copies its executable file to the Windows and system directories as:
  1. %WinDir%\RVHOST.exe
  2. %System%\RVHOST.exe
This worm is indeed a smart one. I say this because it does one thing to ensure that it launches automatically when the system is rebooted: it adds a link to its executable file in the system registry.
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "Yahoo Messengger" = "%System%\RVHOST.exe"
    [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    Shell = "Explorer.exe RVHOST.exe"
This virus is also a persistent one, since it doesn't stop there: it also copies its executable file to the root of all write-accessible removable disks under the name New Folder.exe. It further copies its executable file to all folders of those removable disks, where the copy has the same name as the folder with an ".exe" extension.

What I also saw when my friend (remember the one who works in an IT outsourcing company, whom I mentioned in my last post?) called me to help him solve this problem is that this worm is capable of preventing the registry editing tool and Task Manager from launching. When I checked online and asked the software designers, they said the worm does this by creating the system registry parameters given below:
    [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    DisableRegistryTools = 1
    DisableTaskMgr = 1
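A read-only triage script I have added here (it is not from the original post) that checks a Windows host for the file, registry and removable-drive indicators described above. The registry keys, value names and file names are taken from the post; the function name and the output format are my own.

```powershell
# Added example (not from the original post): read-only checks for the indicators
# described above. Nothing is modified; findings are returned as strings.
function Test-RvhostIndicators {
    $findings = @()

    # 1. Dropped copies in the Windows and System32 directories
    foreach ($p in @("$env:SystemRoot\RVHOST.exe", "$env:SystemRoot\System32\RVHOST.exe")) {
        if (Test-Path -LiteralPath $p) { $findings += "File present: $p" }
    }

    # 2. Autostart entries: the HKCU Run value and the Winlogon Shell value
    $run = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run' -ErrorAction SilentlyContinue
    if ($run.'Yahoo Messengger') {
        $findings += "Run value 'Yahoo Messengger' = $($run.'Yahoo Messengger')"
    }
    $winlogon = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -ErrorAction SilentlyContinue
    if ($winlogon.Shell -and $winlogon.Shell -ne 'explorer.exe') {
        $findings += "Winlogon Shell is '$($winlogon.Shell)' (expected 'explorer.exe')"
    }

    # 3. Policy values that block regedit and Task Manager
    $pol = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System' -ErrorAction SilentlyContinue
    foreach ($name in 'DisableRegistryTools', 'DisableTaskMgr') {
        if ($pol.$name -eq 1) { $findings += "Policy $name = 1" }
    }

    # 4. Removable drives (DriveType 2): New Folder.exe at the root, and an
    #    executable carrying a folder's name either beside or inside that folder
    foreach ($disk in Get-CimInstance Win32_LogicalDisk -Filter 'DriveType=2') {
        $root = $disk.DeviceID + '\'
        $dropper = Join-Path $root 'New Folder.exe'
        if (Test-Path -LiteralPath $dropper) { $findings += "Removable root: $dropper" }
        foreach ($dir in Get-ChildItem -LiteralPath $root -Directory -ErrorAction SilentlyContinue) {
            foreach ($twin in @((Join-Path $root ($dir.Name + '.exe')), (Join-Path $dir.FullName ($dir.Name + '.exe')))) {
                if (Test-Path -LiteralPath $twin) { $findings += "Folder-named executable: $twin" }
            }
        }
    }
    return $findings
}

$hits = Test-RvhostIndicators
if ($hits) { $hits | ForEach-Object { Write-Output "[!] $_" } } else { Write-Output 'No indicators found.' }
```

Run it from an elevated PowerShell prompt so the HKLM Winlogon key and all drive roots are readable; a hit on any check is a reason to pull the sample and image the drive before cleaning.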

One thing everyone should know is that Win32.AutoIt may arrive on your system as a file downloaded from a malicious website. It may also be dropped by other malware. So be careful the next time you visit a site and download files from it.
