Jump to content


Photo

regsvr.exe Autorun.inf, New Folder .exe


  • This topic is locked This topic is locked
1 reply to this topic

#1 gutted

gutted

    New Member

  • Members
  • Pip
  • 1 posts

Posted 20 February 2012 - 11:34 AM

There seems to be three virus /Malware hidden files that start the whole process namely : 1) Autorun.inf Contents of this file is: [Autorun] Open=regsvr.exe Shellexecute=regsvr.exe Shell\Open\command=regsvr.exe Shell=open 2) regsvr.exe 3) New Folder .exe (with a space between ‘r’ and the’.exe’). The above two files are identical in size (637,952), date (08/04/2009), time(12:41) This virus seems to plant itself in every directory of the hard drive and any network drives attached. It creates a folder within the original folder giving it the name of the original folder plus space.exe (ie if folder name is 'programs' it will create a folder with in 'programs' and calls it ‘programs .exe’. Any subfolder within programs gets the same treatment). We have tried to remove all the created folders and files cleared all the drives after running your software with no effect. Your urgent attention to this is really appreciated as this virus is spreading through our network like wild fires.

All three virus files attached to a zip file here. Password for file is 'infected'.

Attached Files



#2 Fatdcuk

Fatdcuk

    Malware BBQ'er

  • Moderators
  • PipPipPipPipPipPip
  • 20,550 posts
  • Gender:Male
  • Location:127.0.0.1

Posted 20 February 2012 - 11:42 AM

Many thanks gutted,

I will take a look at the files shortly :)
Ade Gill
Research Engineer

Posted Image

Follow us: Twitter, Become a fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users