Monday, March 9, 2009

Remove VBS/Autorun-QO LOVERAHULSAS.vbs


Name: VBS/Autorun-QO (or LOVERAHULSAS.vbs)
Category: virus / spyware
Type: Worm
Propagation method:
(1) Removable storage media
(2) Network shares

Affected operating systems: Windows


VBS/Autorun-QO displays the text "THIS IS AN ANTI-VIRUS AND WILL HELP YOUR SYSTEM TO WORK PROPERLY" and "RAHUL THE H@CkEr".

VBS/Autorun-QO copies itself to accessible drives and the Windows system folder as LOVERAHULSAS.vbs.

VBS/Autorun-QO spreads together with an autorun.inf file. The autorun.inf file is also detected as VBS/Autorun-QO.

The following registry values are created or modified:

HKCU\Software\Microsoft\Internet Explorer\Main
Window Title = "RAHUL THE H @ CkeR"

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
NoFolderOptions = 0

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskmgr = 0

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools = 0

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell = explorer.exe

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit =
\Userinit.exe
\wscript.exe
\LOVERAHULSAS.VBS

The Internet Explorer start page is also changed: the corresponding registry value is set to a page chosen by the malicious code author.

HKCU\Software\Microsoft\Internet Explorer\Main
Start Page

My tip/advice:

First, remove all the autorun.inf files from every drive on your system. After that, open the registry and change the values affected by the virus back to their default values. Some of the default values can be checked here. Then restart your system.
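Before changing anything, it helps to see what is actually present. The following read-only PowerShell audit is an added example, not part of the original post: it prints the registry values listed above and looks for autorun.inf and LOVERAHULSAS.vbs on every drive root and in the Windows folders. Treating "Windows system folder" as both System32 and %windir% is an assumption.

```powershell
# Added example: read-only audit for the VBS/Autorun-QO indicators listed in this post.
# It only reports; it does not delete files or edit the registry.
$wormFile = 'LOVERAHULSAS.vbs'   # file name taken from the post

# Registry values the post lists as created or modified.
$ie     = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
$pol    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies'
$winlog = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$checks = @(
    @{ Key = $ie;             Name = 'Window Title' },
    @{ Key = $ie;             Name = 'Start Page' },
    @{ Key = "$pol\Explorer"; Name = 'NoFolderOptions' },
    @{ Key = "$pol\System";   Name = 'DisableTaskmgr' },
    @{ Key = "$pol\System";   Name = 'DisableRegistryTools' },
    @{ Key = $winlog;         Name = 'Shell' },
    @{ Key = $winlog;         Name = 'Userinit' }
)

foreach ($c in $checks) {
    $item = Get-ItemProperty -Path $c.Key -Name $c.Name -ErrorAction SilentlyContinue
    $data = if ($item) { $item.($c.Name) } else { '<not set>' }
    # Flag the worm's strings: a script host or the worm file in a logon value,
    # or the title text the post quotes (-match is case-insensitive).
    $flag = if ("$data" -match 'wscript\.exe|LOVERAHULSAS|RAHUL') { '   <-- review' } else { '' }
    '{0}\{1} = {2}{3}' -f $c.Key, $c.Name, $data, $flag
}

# Drive roots plus the Windows folders (assumed locations for "Windows system folder").
$roots = @(Get-PSDrive -PSProvider FileSystem | ForEach-Object { $_.Root }) +
         [Environment]::SystemDirectory, $env:windir
foreach ($r in $roots) {
    foreach ($name in 'autorun.inf', $wormFile) {
        # -Force makes hidden and system files visible to Get-Item.
        $f = Get-Item -LiteralPath (Join-Path $r $name) -Force -ErrorAction SilentlyContinue
        if ($f) {
            'FOUND {0}  ({1} bytes, attributes: {2})' -f $f.FullName, $f.Length, $f.Attributes
        }
    }
}
# An autorun.inf on an installer CD/DVD can be legitimate; check what it launches
# before deleting it.
```

Run it again after cleanup and reboot: no LOVERAHULSAS.vbs should be found and no value should carry the review flag.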

Success/Failure put your valuable comments here....
