Cart
Worm.VBS.Solow.A( Worm.VBS.Slogod )
SYMPTOMS: Presence of MS32DLL.DLL.VBS file in %WINDIR% directory and in root directories of removable and fixed drives with hidden and system attributes.Presence of autorun.inf in root directories of removable and fixed drives with hidden and system attributes. TECHNICAL DESCRIPTION: Once executed, the worm replicated copying itself in %WINDIR% directory and in root directories of all fixed and removable disk drives except A: drive. After that it creates autorun.inf on all fixed and removable drives except A: drive and sets the worm to be executed at disk autorun.Also the worm sets Main Window Title of Internet Explorer to: "Hacked by Godzilla", and executes explorer.exe with infected filename argument, thus executing itself in an infinite cycle, this way every time you intoroduce a new removable drive, it infects it. Removal instructions: Please let BitDefender disinfect your files.ANALYZED BY: Suiu Andrei, virus researcher |