(Virus.Win32.AutoRun.hs, W32/Autorun.worm.g, Win32/Autoit.BB, W32/AutoRun.G!worm, )
Symptoms of this malware:
* presence of a file called ",.exe" in Windows directory
* presence of a process ",.exe" running in your computer (TaskManager)
* presence of an entry called "HUI" under "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" pointing to a file "C:\windows\,.exe"
Please let BitDefender disinfect your files.
Radu Daniel, virus researcher
Malware is written using AutoIT, which is a "BASIC-like scripting language designed for automating the Windows GUI and general scripting".
- drops [DRIVE]:\autorun.inf on all drives, which is used to execute the malware when the drive is accessed;
- copies itself as ",.exe" on all drives
- copies itself as ",.exe" in %windir%
- enables AutoRun on all drives by altering following registry entries:
- tries to kill following processes if running:
- adds itself to Windows Startup under the name "HUI" by altering following registry entry:
- modifies following registry entries:
* HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced \ShowSuperHidden"
, to hide file extensions and file under explorer.