W32/Autorun.worm!ip

W32/Autorun.worm!ip is a worm for the Windows platform that should be removed upon detection. Once executed, it injects its malicious code into explorer.exe and then connects to a remote IRC server. The worm downloads a file from the remote server and stores it on the compromised PC. The downloaded file is a dialer program that gives the user access to a list of long-distance phone numbers that will be utilized by the author of the malware. W32/Autorun.worm!ip also modifies the registry and causes the compromised system's performance to deteriorate.

File System Details

W32/Autorun.worm!ip may create the following file(s):
# File Name Detections
1. %UserProfile%\x4t4c57w3.exe
2. %SystemDrive%\RELEASE\DEBUG\ghx.exe
3. %SystemDrive%\RELEASE\DEBUG
4. %SystemDrive%\RELEASE

Registry Details

W32/Autorun.worm!ip may create the following registry entry or registry entries:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67XOR2B0-3GMC89VV-JIJ1-32KL5R3423144}\]"StubPath: "="%SystemDrive%RELEASE\DEBUG\ghx.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67XOR2B0-3GMC-89VV-JIJ1-32KL5R3423144}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DownloadManager]
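
The registry entries above use Active Setup's StubPath value for persistence. The following triage script is an added example, not part of the original entry: it flags Installed Components subkeys whose brace-wrapped name is not a valid GUID or whose StubPath points outside a trusted root. The function names, the trusted-root list and both heuristics are assumptions made for illustration, and the sample data is constructed from the values listed above plus one made-up benign component.

```python
import re
import sys

ACTIVE_SETUP = r"SOFTWARE\Microsoft\Active Setup\Installed Components"
# Canonical GUID: 8-4-4-4-12 hexadecimal digits inside braces.
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Assumption: StubPath targets under these roots are treated as expected.
TRUSTED_ROOTS = ("%systemroot%", "%windir%", "%programfiles%", "c:\\windows", "c:\\program files")
# Constructed sample: the entry listed on this page plus one made-up benign component.
SAMPLE = {
    "{67XOR2B0-3GMC-89VV-JIJ1-32KL5R3423144}": r"%SystemDrive%RELEASE\DEBUG\ghx.exe",
    ">{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}": r"%SystemRoot%\system32\app.exe /x",
}

def stub_target(stub_path):  # executable part of a StubPath command, lower-cased
    s = stub_path.strip().lstrip('"')
    m = re.match(r'(?i)(.+?\.(?:exe|dll|cmd|bat))(?:[\s,"]|$)', s)
    return (m.group(1) if m else s.split(" ", 1)[0]).lower()

def triage(components):  # {subkey name: StubPath or None} -> {name: [reasons]}
    findings = {}
    for name, stub in components.items():
        reasons = []
        core = name.lstrip("<>")  # names may carry a '<' or '>' prefix
        if core.startswith("{") and not GUID_RE.match(core):
            reasons.append("malformed GUID key name")
        target = stub_target(stub) if stub else ""
        if "\\" in target and not target.startswith(TRUSTED_ROOTS):
            reasons.append("StubPath outside trusted roots: " + target)
        if reasons:
            findings[name] = reasons
    return findings

def read_components():  # Windows only: every subkey with its StubPath (or None)
    import winreg
    out = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, ACTIVE_SETUP) as root:
        for i in range(winreg.QueryInfoKey(root)[0]):
            name = winreg.EnumKey(root, i)
            with winreg.OpenKey(root, name) as sub:
                try:
                    out[name] = winreg.QueryValueEx(sub, "StubPath")[0]
                except FileNotFoundError:
                    out[name] = None
    return out

if __name__ == "__main__":
    data = read_components() if sys.platform == "win32" else SAMPLE
    for name, why in triage(data).items():
        print(name, "->", "; ".join(why))
```

On Windows the script reads the live registry; elsewhere it falls back to the constructed sample. A finding is a lead for manual review, not a verdict.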
