Worm.AutoRun.eav

By LoneStar in Worms

Worm.AutoRun.eav is a computer worm parasite. Worm.AutoRun.eav has been known to be automatically updated through malicious sites and then load when Windows starts. Worm.AutoRun.eav may also plant malicious Windows registry keys that automatically run making it difficult to remove from a computer without the help of a spyware removal application.

File System Details

Worm.AutoRun.eav may create the following file(s):

Expand All | Collapse All

#	File Name	Detections Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
1.	Imgtask.exe
Name: Imgtask.exe Type: Executable File
2.	XP-27EE4BE0.EXE
Name: XP-27EE4BE0.EXE Type: Executable File
3.	Msmsgs.exe
Name: Msmsgs.exe Type: Executable File
4.	cmd.exe
Name: cmd.exe Type: Executable File
5.	ipilrws.exe
Name: ipilrws.exe Type: Executable File
6.	Mixa.exe
Name: Mixa.exe Type: Executable File
7.	XP-71F06FE8.EXE
Name: XP-71F06FE8.EXE Type: Executable File
8.	BEA23C.EXE
Name: BEA23C.EXE Type: Executable File
9.	SilentSoftech.exe
Name: SilentSoftech.exe Type: Executable File
10.	scrss.exe
Name: scrss.exe Type: Executable File
11.	kvtrwkcc.exe
Name: kvtrwkcc.exe Type: Executable File
12.	fuwuqi.exe
Name: fuwuqi.exe Type: Executable File
13.	vshost32.exe
Name: vshost32.exe Type: Executable File
14.	guangd.exe
Name: guangd.exe Type: Executable File
15.	windowsmp.exe
Name: windowsmp.exe Type: Executable File
16.	userini.exe
Name: userini.exe Type: Executable File
17.	6FB219.EXE
Name: 6FB219.EXE Type: Executable File
18.	8EBE6FCF.DLL
Name: 8EBE6FCF.DLL Type: Dynamic link library
19.	CSRSS.exe
Name: CSRSS.exe Type: Executable File
20.	system.exe
Name: system.exe Type: Executable File
21.	XP-CF959062.EXE
Name: XP-CF959062.EXE Type: Executable File
22.	XP-D754771A.EXE
Name: XP-D754771A.EXE Type: Executable File
23.	XP-337B8E53.EXE
Name: XP-337B8E53.EXE Type: Executable File
24.	XP-87B203C2.EXE
Name: XP-87B203C2.EXE Type: Executable File
25.	XP-4D887B29.EXE
Name: XP-4D887B29.EXE Type: Executable File
26.	XP-CE734A3C.EXE
Name: XP-CE734A3C.EXE Type: Executable File
27.	XP-5ADC2FB8.EXE
Name: XP-5ADC2FB8.EXE Type: Executable File
28.	XP-F180A41E.EXE
Name: XP-F180A41E.EXE Type: Executable File
29.	XP-12C950AE.EXE
Name: XP-12C950AE.EXE Type: Executable File
30.	XP-3451AFB8.EXE
Name: XP-3451AFB8.EXE Type: Executable File
31.	XP-AA54AD69.EXE
Name: XP-AA54AD69.EXE Type: Executable File
32.	XP-A252657D.EXE
Name: XP-A252657D.EXE Type: Executable File
33.	XP-C748D768.EXE
Name: XP-C748D768.EXE Type: Executable File
34.	userinit.exe
Name: userinit.exe Type: Executable File
35.	XP-8F09BDB0.EXE
Name: XP-8F09BDB0.EXE Type: Executable File
36.	XP-822A840F.EXE
Name: XP-822A840F.EXE Type: Executable File
37.	XP-2D39A46D.EXE
Name: XP-2D39A46D.EXE Type: Executable File
38.	XP-84978424.EXE
Name: XP-84978424.EXE Type: Executable File
39.	Application Datasvchost.exe
Name: Application Datasvchost.exe Type: Executable File
40.	winlog.exe
Name: winlog.exe Type: Executable File
41.	win32osf.exe
Name: win32osf.exe Type: Executable File
42.	ntdetect.com
Name: ntdetect.com Type: Command, executable file
43.	FlashGuard.exe
Name: FlashGuard.exe Type: Executable File
44.	cvlu.exe
Name: cvlu.exe Type: Executable File
45.	explorer.exe
Name: explorer.exe Type: Executable File
46.	systtray.exe
Name: systtray.exe Type: Executable File
47.	MAgent.exe
Name: MAgent.exe Type: Executable File
48.	XP-EA1E4442.EXE
Name: XP-EA1E4442.EXE Type: Executable File
49.	XP-30ABA011.EXE
Name: XP-30ABA011.EXE Type: Executable File
50.	winsys.exe
Name: winsys.exe Type: Executable File
51.	Thumbs.exe
Name: Thumbs.exe Type: Executable File
52.	fool1.dll
Name: fool1.dll Type: Dynamic link library
53.	Win24DLL.exe
Name: Win24DLL.exe Type: Executable File
54.	smss.exe
Name: smss.exe Type: Executable File
55.	aebfcbddecdfffeca.dll
Name: aebfcbddecdfffeca.dll Type: Dynamic link library
56.	explorcr.exe
Name: explorcr.exe Type: Executable File
57.	kislab.exe
Name: kislab.exe Type: Executable File
58.	83B2C82D.DLL
Name: 83B2C82D.DLL Type: Dynamic link library
59.	cvasds0.dll
Name: cvasds0.dll Type: Dynamic link library
60.	services.exe
Name: services.exe Type: Executable File
61.	lsass.exe
Name: lsass.exe Type: Executable File
62.	XP-09A09F1E.EXE
Name: XP-09A09F1E.EXE Type: Executable File
63.	XP-3E5A95DF.EXE
Name: XP-3E5A95DF.EXE Type: Executable File
64.	XP-5ED4BC61.EXE
Name: XP-5ED4BC61.EXE Type: Executable File
65.	XP-172566D2.EXE
Name: XP-172566D2.EXE Type: Executable File
66.	XP-C8C16F42.EXE
Name: XP-C8C16F42.EXE Type: Executable File
67.	XP-F3603667.EXE
Name: XP-F3603667.EXE Type: Executable File
68.	XP-CE0B6B01.EXE
Name: XP-CE0B6B01.EXE Type: Executable File
69.	XP-2B689D56.EXE
Name: XP-2B689D56.EXE Type: Executable File
70.	XP-85A6D8DD.EXE
Name: XP-85A6D8DD.EXE Type: Executable File
71.	XP-F09415CE.EXE
Name: XP-F09415CE.EXE Type: Executable File
72.	XP-6BB4378C.EXE
Name: XP-6BB4378C.EXE Type: Executable File
73.	XP-D41D8CD9.EXE
Name: XP-D41D8CD9.EXE Type: Executable File
74.	XP-17010165.EXE
Name: XP-17010165.EXE Type: Executable File
75.	XP-364C086F.EXE
Name: XP-364C086F.EXE Type: Executable File
76.	rundli32.exe
Name: rundli32.exe Type: Executable File
77.	XP-38B8CEBE.EXE
Name: XP-38B8CEBE.EXE Type: Executable File
78.	rundll56.exe
Name: rundll56.exe Type: Executable File
79.	XP-DCB3C72C.EXE
Name: XP-DCB3C72C.EXE Type: Executable File
80.	winlogon.exe
Name: winlogon.exe Type: Executable File
81.	ahr.exe
Name: ahr.exe Type: Executable File
82.	XP-6A3A0D20.EXE
Name: XP-6A3A0D20.EXE Type: Executable File
83.	xxz[1].exe
Name: xxz[1].exe Type: Executable File
84.	msupdt.exe
Name: msupdt.exe Type: Executable File
85.	E05A84.EXE
Name: E05A84.EXE Type: Executable File
86.	SVCHOST.exe
Name: SVCHOST.exe Type: Executable File
87.	cftmom.exe
Name: cftmom.exe Type: Executable File
88.	cftmon.exe
Name: cftmon.exe Type: Executable File
89.	GuelmimG.bat
Name: GuelmimG.bat Type: Batch file
90.	qbbtqcy.exe
Name: qbbtqcy.exe Type: Executable File
91.	Syswin.exe
Name: Syswin.exe Type: Executable File
92.	svchots.exe
Name: svchots.exe Type: Executable File
93.	SVCHOST32.EXE
Name: SVCHOST32.EXE Type: Executable File
94.	afaadacbadddc.dll
Name: afaadacbadddc.dll Type: Dynamic link library
95.	KEYBOARD.exe
Name: KEYBOARD.exe Type: Executable File
96.	scvhost.exe
Name: scvhost.exe Type: Executable File
97.	init.exe
Name: init.exe Type: Executable File
98.	fffddeabacfda.dll
Name: fffddeabacfda.dll Type: Dynamic link library
99.	tsay.exe
Name: tsay.exe Type: Executable File
100.	herss.exe
Name: herss.exe Type: Executable File
101.	WindowsLive.exe
Name: WindowsLive.exe Type: Executable File
102.	JACKsmall.exe
Name: JACKsmall.exe Type: Executable File
103.	iexplorer.exe
Name: iexplorer.exe Type: Executable File
104.	XP-590822A9.EXE
Name: XP-590822A9.EXE Type: Executable File
105.	XP-E044478C.EXE
Name: XP-E044478C.EXE Type: Executable File
106.	XP-DDA58EAE.EXE
Name: XP-DDA58EAE.EXE Type: Executable File
107.	XP-6CF365E3.EXE
Name: XP-6CF365E3.EXE Type: Executable File
108.	XP-F787D259.EXE
Name: XP-F787D259.EXE Type: Executable File
109.	XP-0EF5525C.EXE
Name: XP-0EF5525C.EXE Type: Executable File
110.	XP-21470116.EXE
Name: XP-21470116.EXE Type: Executable File
111.	XP-904B231F.EXE
Name: XP-904B231F.EXE Type: Executable File
112.	XP-12B7E2EE.EXE
Name: XP-12B7E2EE.EXE Type: Executable File
113.	XP-E7D6DD34.EXE
Name: XP-E7D6DD34.EXE Type: Executable File
114.	XP-C8889B57.EXE
Name: XP-C8889B57.EXE Type: Executable File
115.	XP-042EC9AF.EXE
Name: XP-042EC9AF.EXE Type: Executable File
116.	XP-5C37B42E.EXE
Name: XP-5C37B42E.EXE Type: Executable File
117.	sysdiag64.exe
Name: sysdiag64.exe Type: Executable File
118.	XP-8FF03DFF.EXE
Name: XP-8FF03DFF.EXE Type: Executable File
119.	XP-C6BBD855.EXE
Name: XP-C6BBD855.EXE Type: Executable File
120.	UbiRg.exe
Name: UbiRg.exe Type: Executable File
121.	cftu.exe
Name: cftu.exe Type: Executable File
122.	sWx.exe
Name: sWx.exe Type: Executable File
123.	ohydy.exe
Name: ohydy.exe Type: Executable File
124.	M7K1H3A6.vbs
Name: M7K1H3A6.vbs

Registry Details

Worm.AutoRun.eav may create the following registry entry or registry entries:

HKEY..\..\..\..{RegistryKeys}

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Msmsgs

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ E05A84

RUNNING PROGRAM\explorer.exe

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ RunJava2

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ ImgTask

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ XP-27EE4BE0

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ ntuser

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ cftmom

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CURRENTVERSION\WINLOGON\USERINIT\ userinit

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ FlashGuard

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ App

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ Win32 Console

HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ egrrgdk

Enigma Software Group Prevails Over Malwarebytes at the Ninth Circuit

Search

Change Region

Worm.AutoRun.eav

File System Details

Registry Details

Submit Comment

Trending

Rzfu Ransomware

'YouPorn' Email Scam

Rzkd Ransomware

Most Viewed

Is Lookmovie.io Safe?

How To Fix 'Printer Driver is Unavailable' Error

Discord Shows Black Screen when Sharing Screen