A standalone malicious program which uses computer or removable drives to make complete copies of itself.
Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.
AutoRun.GA creates a copy of itself as the following:
It will change the title of the process to "notepad window".
It also drops two files into the root of available removable drives:
It injects codes to svchost.exe and explorer.exe.
It looks for a service that will run manually and then temporarily replaces the driver with malicious driver. It then runs the service and the returns the original driver.
This entry is created for automatic execution when explorer.exe is launched.
The autorun.inf file is an autorun file of wuauclt.exe and contains the following strings:
The worm uses rootkit stealth techniques to hide its presence on the infected machine, including deleting its own installation file once the installation has been completed.
Creates these files:
Writes in memory of these processes:
Attempts to connect to:
Sets these values:
Date Created: 2008-09-10 04:00:48.0
Date Last Modified: 2008-09-10 17:52:27.0