Technical Information
To ensure autorun and distribution
Modifies the following registry keys
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'Myvbs' = '<SYSTEM32>\bak.vbs'
Creates the following files on removable media
- <Drive name for removable media>:\my.vbs
- <Drive name for removable media>:\autorun.inf
Malicious functions
To complicate detection of its presence in the operating system,
forces the system hide from view:
- hidden files
Modifies settings of Windows Internet Explorer
- [<HKCU>\Software\Microsoft\Internet Explorer\Main] 'Window Title' = 'My IE Title!!'
Modifies file system
Creates the following files
- <SYSTEM32>\bak.vbs
- C:\my.vbs
- C:\autorun.inf
- D:\my.vbs
- D:\autorun.inf
Sets the 'hidden' attribute to the following files
- <SYSTEM32>\bak.vbs
- C:\my.vbs
- C:\autorun.inf
- D:\my.vbs
- D:\autorun.inf
- <Drive name for removable media>:\my.vbs
- <Drive name for removable media>:\autorun.inf