WORM_UTOTI.BI

Sat, 2008-01-19 18:00 - Topics:

Virus

This worm may be dropped by other malware. It may arrive via network shares. It may also be downloaded unknowingly by a user when visiting malicious Web sites.

This worm drops several copies of itself. This worm creates registry entries to enable its automatic execution at every system startup. It also employs registry shell spawning so that it executes when files of certain types are run.

It uses Windows Task Scheduler to create a scheduled task that executes the dropped copy. It does this by creating certain files.

It prohibits the execution of the following processes by creating registry entries.

This worm drops copies of itself in network, physical, and removable drives. It also drops an AUTORUN.INF file to automatically execute its dropped copies when the said drives are accessed. The AUTORUN.INF file contains the following strings:

This worm drops a copy of itself in all folders found in removable drives using the folder name as its file name. It overwrites the file, AUTOEXEC.BAT, to enable its automatic execution in every system startup.

Similar entries

WORM_AUTORUN.ASA
This worm may be dropped by other malware. It may arrive via network shares. It may be downloaded unknowingly by a user when visiting malicious Web sites.
Upon execution, this worm drops a copy of itself. It then modifies registry entries to enable its automatic execution at every system startup. It also drops a copy of itself in the Windows Common Startup folder to enable its automatic execution at every system startup.

It employs registry shell spawning so that it executes when files of certain types are run.
WORM_SOHANAD.FM
This worm may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites.
Upon execution, this worm drops several copies of itself.
It then uses the Windows Task Scheduler to create a scheduled task that executes the dropped copy. This worm also creates a registry entry to enable its automatic execution at every system startup.

It also drops non-malicious component files with Hidden and System attributes.
WORM_VB.GCZ
This worm may arrive via network shares. It may be downloaded unknowingly by a user when visiting malicious Web sites.
It drops copies of itself.
This worm creates registry entries to enable its automatic execution at every system startup. It employs registry shell spawning so that it executes when files of certain types are run. It does this by creating a registry entry.
It drops an AUTORUN.INF file to automatically execute its dropped copies when infected drives are accessed.
WORM_YAHLOVER.AZ
This worm may be downloaded unknowingly by a user when visiting malicious Web sites.
This worm drops copies of itself. It also drops component files which Trend Micro detects as MAL_OTORUN2.

This worm creates registry entries to enable its automatic execution at every system startup. It also uses Windows Task Scheduler to create a scheduled task that it uses to executes a dropped copy.
WORM_SOLOW.AD
This worm may be dropped by other malware. It may also be downloaded unknowingly by a user when visiting malicious Web sites.

Upon execution, this worm drops several copies of itself. It then creates a registry entry to enable its automatic execution at every system startup.

This worm propagates by dropping copies of itself in all detected network shares. It also drops copies of itself in drives C: to Z: of the system. This worm also drops copies of itself in all removable drives.

Infopirate.org

WORM_UTOTI.BI

Similar entries

User login

Topics

Recent comments

Stay up to date!