|
|
Detect and remove hidden rootkits using
UnHackMe
RegRun Security Suite = 24 system utilities for protecting your computer. Try now! |
 %WinDir%\au.exe - Dangerous
This worm spreads via the Internet as attachments to infected emails. The infected messages have the following characteristics: Header: ID x... thanks with x being a string of random characters. Body: Yours ID x -- Thank with x being a string of random characters. Attachment: The attachment has a random name, with a file size of 11KB. The worm copies itself to the Windows system directory under the name 'au.exe'. Adds the value: "au.exe" = "%system%\au.exe" to registry key: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] Also creates the following registry key: [HKCU\SOFTWARE\Windows2000] and saves its variables there. The worm attempts to connect to remote sites, all of which are in some way connected with the Trojan proxy server TrojanProxy.Win32.Mitglieder Send itself to all email addresses found in files on disks. Removal: %WinDir%\au.exe is removed by RegRun.
Read more... Removal instructions...
Recommended software: RegRun Security Suite - removal and protection. http://www.regrun.com RegRun Reanimator - free removal tool. greatis.com/reanimator
What is hidden in MSDN? Why software developers prefer Win32.FreeTechSecrets.com? All Unix Manuals in Alphabetical Order C# controls for .NET in 3 simple steps. Constantly updated. Last update: May 5 2008
Interesting information about Vista programs... Need consultation? Would you like to add your opinion?
|
|
