Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

WORM.COLOWNED.A

 

 

Name:

Worm.Colowned.a

Added:

February 19, 2012

Type:

Worm

Risk:

Low

Payload:

N/A

At risk systems:

Windows 95/98/ME/XP/NT/2003

 

 

Malware problems?   We can help.  Free Removal Tools.

 

 

Description:

 

When Worm.Colowned.a is executed, it performs the following activities:

After execution it drops the following files:

%Appdata%\taskhost.exe
%systemdrive%\viewDrive.exe
%systemdrive%\autorun.inf

The autorun.inf files contains-

[autorun]
open=viewdrive.exe
default=1
action=Open folder to view drive
shell\open\command=viewDrive.exe
shell\explore\command=viewDrive.exe
useautoplay= 1

It modifies/creates the following registry entries:

Windows Task Host = "%Appdata%\taskhost.exe"
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Windows Task Host = "%Appdata%\taskhost.exe"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

The keys allow "taskhost.exe" to run every time Windows starts.


 

 

 

 

 

 

 

 
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 - Industry Leading Endpoint Security Solution

“Delight yourself in the Lord and he will give you the desires of your heart.” Psalm 37:4