WORM_VOBFUS.RU Description

WORM_VOBFUS.RU is a worm that propagates via removable drives, can be downloaded from the web or delivered by other computer infections. WORM_VOBFUS.RU comes by connecting corrupted removable drives to a machine. WORM_VOBFUS.RU proliferates as a malicious file downloaded by other computer infections or is dropped unknowingly by computer users when visiting dangerous websites. WORM_VOBFUS.RU downloads an autorun.inf file to automatically load the copies it donwloads when a PC user accesses the drives of a vulnerable machine. While being installed, WORM_VOBFUS.RU downloads the copies of itself in the form of the malicious files in all removable drives of the compromised computer system. WORM_VOBFUS.RU adds several registry entries so that it can start automatically whenever you boot up Windows and access the drives. WORM_VOBFUS.RU also adds the particular registry entries as part of its installation routine. WORM_VOBFUS.RU modifies the particular registry entries to disguise files with Hidden attributes. WORM_VOBFUS.SMAC connects to the particular web addresses to send and get commands from remote cybercriminals.

Type: Worms

How Can You Detect WORM_VOBFUS.RU?

WORM_VOBFUS.RU Removal Details

WORM_VOBFUS.RU has typically the following processes in memory:

• %User Profile%\{RANDOM CHARACTERS}.exe

WORM_VOBFUS.RU creates the following files in the system:

• autorun.inf

WORM_VOBFUS.RU creates the following registry entries:

• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run {RANDOM CHARACTERS} = “%User Profile%\{RANDOM CHARACTERS}.exe /{RANDOM CHARACTERS}”
• HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AUNoAutoUpdate = “1″
• HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\AdvancedShowSuperHidden = “0″

Important Article Disclaimer