Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

WORM.CODUNGI.A

 

 

Name:

Worm.Codungi.a

Descr. Added:

June 22, 2012

Type:

Worm

Risk:

Low

Payload:

N/A

At risk systems:

Windows 95/98/ME/XP/NT/2003

 

 

Malware problems?   We can help.  Free Removal Tools.

 

 

Description:

 

When Worm.Codungi.a is executed, it performs the following activities:

After execution, it drops the following files:

%Temp%\~DF875D.tmp
%Temp%\~DF8A7B.tmp
%Temp%\~DF9348.tmp
%WINDIR%\Help\Other.exe
%WINDIR%\inf\Other.exe
%WINDIR%\dc.exe
%WINDIR%\SVIQ.EXE
%WINDIR%\wininit.ini
%WINDIR%\system\Fun.exe
%System%\config\Win.exe
%System%\WinSit.exe

It modifies/creates the following registry entries:

dc2k5 = "%WINDIR%\SVIQ.EXE"
HKU\Software\Microsoft\Windows\CurrentVersion\Run

Fun = "%WINDIR%\system\Fun.exe"
HKU\Software\Microsoft\Windows\CurrentVersion\Run

dc: "%WINDIR%\dc.exe"
HKU\Software\Microsoft\Windows\CurrentVersion\Run

run = "%System%\config\Win.exe"
HKU\Software\Microsoft\Windows NT\CurrentVersion\Windows

Shell = "Explorer.exe %System%\WinSit.exe"
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

load = "%WINDIR%\inf\Other.exe"
HKU\Software\Microsoft\Windows NT\CurrentVersion\Windows
 

 

 

 

 

 

 

 
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 - Industry Leading Endpoint Security Solution

“Delight yourself in the Lord and he will give you the desires of your heart.” Psalm 37:4