W32.Menovit

By LoneStar in Worms

Threat Scorecard

Threat Level: 50 % (Medium)
Infected Computers: 1
First Seen: June 6, 2012
Last Seen: September 28, 2021
OS(es) Affected: Windows

W32.Menovit is a worm that spreads through fixed, mapped and removable drives. When executed, it creates copies of itself under certain file names. It then creates a few registry entries that allow it to load whenever Windows boots. Non-executable files, such as .txt files, are still overwritten with threats related to W32.Menovit, but they keep the extension they had originally. W32.Menovit also attempts to kill a list of processes.

File System Details

W32.Menovit may create the following file(s):
# File Name Detections
1. %System%\1096\[TROJAN FILE NAME].exe
2. %SystemDrive%\Documents and Settings\All Users\Start Menu\Programs\Startup\[TROJAN FILE NAME].exe
3. %ProgramFiles%\eset\nod32krn.exe
4. %Windir%\apps\Microsoft\Applications\MS-Office\MS-Word\Networking\internet\system32\[TROJAN FILE NAME].exe
5. %DriveLetter%\[TROJAN FILE NAME].exe
6. %ProgramFiles%\eset\nod32kui.exe
7. %System%\pchealth\helpctr\binaries\msconfig.exe
8. %DriveLetter%\[NAMES OF FOLDERS IT FINDS].exe
9. %DriveLetter%\[FILE NAME]
10. %DriveLetter%\autorun.inf

Registry Details

W32.Menovit may create the following registry entry or registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"venom" = "%System%\1096\[TROJAN FILE NAME].exe"
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"shell" = "explorer.exe %Windir%\apps\Microsoft\Applications\Ms-office\Ms-Word\Networking\internet\system32\[TROJAN FILE NAME].exe"
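
A read-only triage check for the indicators listed above, as an added example that is not part of the original entry: it looks for the `venom` Run value, a Winlogon `shell` value that differs from the Windows default `explorer.exe`, and `autorun.inf` or folder-named executables at drive roots. The registry paths and value names come from this page; the helper name `Test-WinlogonShell` is hypothetical.

```powershell
# Added example: read-only check for the W32.Menovit indicators on this page.
# Run from an elevated 64-bit PowerShell session on the host being examined.

function Test-WinlogonShell {
    # Hypothetical helper: true only when the value is the Windows default.
    param([string]$Value)
    return ($Value.Trim() -ieq 'explorer.exe')
}

$findings = @()

# 1. Run key: the page lists a value named "venom" pointing into %System%\1096.
$runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$run = Get-ItemProperty -Path $runKey -ErrorAction SilentlyContinue
if ($run -and ($run.PSObject.Properties.Name -contains 'venom')) {
    $findings += "Run value 'venom' present: $($run.venom)"
}

# 2. Winlogon shell: the page's entry appends a second executable after explorer.exe.
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$shell = (Get-ItemProperty -Path $winlogon -Name Shell -ErrorAction SilentlyContinue).Shell
if ($shell -and -not (Test-WinlogonShell $shell)) {
    $findings += "Winlogon shell is not the default: $shell"
}

# 3. Drive roots: autorun.inf and executables named after folders (items 8 and 10).
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $root = $drive.Root
    $autorun = Join-Path $root 'autorun.inf'
    if (Test-Path -LiteralPath $autorun) {
        # Legitimate install media also ship autorun.inf, so review its contents.
        $findings += "autorun.inf at drive root (review): $autorun"
    }
    $dirs = Get-ChildItem -LiteralPath $root -Directory -Force -ErrorAction SilentlyContinue
    foreach ($dir in $dirs) {
        $exe = Join-Path $root ($dir.Name + '.exe')
        if (Test-Path -LiteralPath $exe) {
            $findings += "Executable named after a folder: $exe"
        }
    }
}

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Warning $_ }
} else {
    Write-Output 'None of the W32.Menovit indicators checked here were found.'
}
```
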

URLs

W32.Menovit may call the following URLs:

https://findinfo.us/search?term=
