Technical Information
To ensure autorun and distribution:
Creates the following files on removable media:
- <Drive name for removable media>:\autorun.inf.exe
- <Drive name for removable media>:\temp\system.exe
- <Drive name for removable media>:\autorun.inf
Malicious functions:
Creates and executes the following:
- '<Drive name for removable media>:\temp\system.exe'
- '%HOMEPATH%\Documen\nod42.exe'
Modifies file system :
Creates the following files:
- %HOMEPATH%\Documen\nod42.exe
Sets the 'hidden' attribute to the following files:
- <Drive name for removable media>:\autorun.inf.exe
- <Drive name for removable media>:\autorun.inf
- %HOMEPATH%\Documen\nod42.exe
Miscellaneous:
Searches for the following windows:
- ClassName: 'Shell_TrayWnd' WindowName: ''