What is TrustedSource? | Create Account | Login 
Secure Computing Corporation
 
Home  Threats and Trends  Malware Information
TrustedSource™ Query
Enter IP address, domain name or URL to check reputation/traffic patterns:
Search
 

Malware Information

Malware nameScript.Autorun.VF
TypeScript
Affected platformWin32
Media-Typenone
MD5 checksum62DB801E06C4ED65193FFD7A07E686BC
Static fileno
Filesize18,281 Bytes
Alias names
(also known as)
SophosVBS/Enc-B
McAfeeVBS/Autorun.worm.k
CA ETrustVBS/RaiderVIII.D
PropagationMapped network drives

Description:

Files

It copies itself to the following locations:
• %SYSDIR%\.vbe
• %SYSDIR%\wbem\.vbe
%drive%:\.vbe



The following files are created:

%drive%:\autorun.inf This is a non malicious text file with the following content:
%code that runs malware%

Registry

The following registry key is added in order to run the process after reboot:

– [HKLM\software\microsoft\windows\currentversion\policies\explorer\
run]
%computer name% = .vbe



The following registry key is added:

– [HKLM\software\%computer name%]
%system-dependent%



The following registry key is changed:

Various Explorer settings:
– [HKCU\software\microsoft\windows\currentversion\explorer\advanced]
New value:
• showsuperhidden = 0
Secure Computing Corporate Homepage | Contact | Privacy Policy | Disclaimer

Copyright © 2007-2008 Secure Computing Corporation. All Rights Reserved.

THE DATA IS FURNISHED, "AS IS" WITHOUT ANY WARRANTY OF ANY KIND, AND SECURE COMPUTING® HEREBY DISCLAIM ALL WARRANTIES, EXPRESS, IMPLIED OR STATUTORY INCLUDING, WITHOUT LIMITATION, ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTIES AS TO NON-INFRINGEMENT, AND IN NO EVENT SHALL SECURE COMPUTING® BE LIABLE FOR COSTS OF PROCURING SUBSTITUTE GOODS. IN NO EVENT WILL SECURE COMPUTING® BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL, EXEMPLARY, OR OTHER DAMAGES WHETHER OR NOT SECURE COMPUTING® HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE.