Technical Information
To ensure autorun and distribution:
Creates the following files on removable media:
- <Drive name for removable media>:\autorun.inf
- <Drive name for removable media>:\myDisk\drivers.exe
Malicious functions:
Executes the following:
- '<SYSTEM32>\cmd.exe' /C echo. > "%APPDATA%\scvhost.exe":Zone.Identifier
Modifies file system:
Creates the following files:
- %APPDATA%\scvhost.exe
Sets the 'hidden' attribute to the following files:
- <Drive name for removable media>:\autorun.inf
- <Drive name for removable media>:\myDisk\drivers.exe