Win32.HLLW.Autoruner.54376

Technical Information

To ensure autorun and distribution:

Modifies the following registry keys:

[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Shell' = 'Explorer.exe R.bat'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Shell' = 'Explorer.exe S.bat'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Shell' = 'Explorer.exe T.bat'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Shell' = 'Explorer.exe O.bat'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Shell' = 'Explorer.exe P.bat'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Shell' = 'Explorer.exe Q.bat'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Shell' = 'Explorer.exe X.bat'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Shell' = 'Explorer.exe Y.bat'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Shell' = 'Explorer.exe Z.bat'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Shell' = 'Explorer.exe U.bat'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Shell' = 'Explorer.exe V.bat'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Shell' = 'Explorer.exe W.bat'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Shell' = 'Explorer.exe F.bat'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Shell' = 'Explorer.exe G.bat'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Shell' = 'Explorer.exe H.bat'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Shell' = 'Explorer.exe C.bat'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Shell' = 'Explorer.exe D.bat'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Shell' = 'Explorer.exe E.bat'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Shell' = 'Explorer.exe L.bat'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Shell' = 'Explorer.exe M.bat'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Shell' = 'Explorer.exe N.bat'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Shell' = 'Explorer.exe I.bat'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Shell' = 'Explorer.exe J.bat'
[<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'Shell' = 'Explorer.exe K.bat'

Creates the following files on removable media:

<Drive name for removable media>:\D.cmd
<Drive name for removable media>:\Autorun.inf

Modifies file system :

Creates the following files:

<Current directory>\Q.bat
<Current directory>\R.bat
<Current directory>\S.bat
<Current directory>\N.bat
<Current directory>\O.bat
<Current directory>\P.bat
<Current directory>\T.bat
<Current directory>\X.bat
<Current directory>\Y.bat
<Current directory>\Z.bat
<Current directory>\U.bat
<Current directory>\V.bat
<Current directory>\W.bat
<Current directory>\D.bat
<Current directory>\E.bat
<Current directory>\F.bat
C:\Autorun.inf
C:\C.cmd
<Current directory>\C.bat
<Current directory>\G.bat
<Current directory>\K.bat
<Current directory>\L.bat
<Current directory>\M.bat
<Current directory>\H.bat
<Current directory>\I.bat
<Current directory>\J.bat

Sets the 'hidden' attribute to the following files:

<Drive name for removable media>:\Autorun.inf
<Drive name for removable media>:\D.cmd
C:\Autorun.inf
C:\C.cmd

Tecnologie

Termini

Formazione ed informazione

Falsi miti

Technical Information