- presence of the file autorun.inf inside root directory of every drive
- msiexec.exe runs in background
Please let BitDefender disinfect your files.
This worm may come inside a NSIS (Nullsoft Installer) file. When this file gets executed, it will first check the existence of the following registry key:
HKEY_LOCAL_MACHINE\Software\QucikWatch, and then it will drop and execute a file named QuickWatch.exe inside temp folder. This file will first create an autorun.inf file in the root of every accessible drive. The autorun.inf file contains several lines of randomly generated garbage ASCII characters, in order to make detection more difficult. Two text lines betray, however, its purpose: