What is TrustedSource? | Create Account | Login 
Secure Computing Corporation
 
Home  Threats and Trends  Malware Information
TrustedSource™ Query
Enter IP address, domain name or URL to check reputation/traffic patterns:
Search
 

Malware Information

Malware nameWorm.Autorun.dhl
TypeWorm
Affected platformWin32
Media-Typeapplication/executable
MD5 checksum51050DA73B0B909DEDBA99B9886E165E
Static fileyes
Filesize63,488 Bytes
Alias names
(also known as)
SophosW32/AutoRun-DJ
McAfeeW32/Autorun.worm.bc
CA ETrustWin32/SillyAutorun.JD
Side effects
  • Drops files
  • Registry modification
PropagationMapped network drives

Description:

Files

It copies itself to the following location:
%drive%:\ctfmonn.exe



The following files are created:

%drive%:\autorun.inf This is a non malicious text file with the following content:
%code that runs malware%

Registry

The following registry key is added in order to run the process after reboot:

– [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
• cftmonn = %SYSDIR%\cftmonn.exe

Miscellaneous

String:
Furthermore it contains the following string:
• Vive Avril !!!!!(Tsy virus zany ty!!! lol lol lol
Secure Computing Corporate Homepage | Contact | Privacy Policy | Disclaimer

Copyright © 2007-2008 Secure Computing Corporation. All Rights Reserved.

THE DATA IS FURNISHED, "AS IS" WITHOUT ANY WARRANTY OF ANY KIND, AND SECURE COMPUTING® HEREBY DISCLAIM ALL WARRANTIES, EXPRESS, IMPLIED OR STATUTORY INCLUDING, WITHOUT LIMITATION, ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND ANY WARRANTIES AS TO NON-INFRINGEMENT, AND IN NO EVENT SHALL SECURE COMPUTING® BE LIABLE FOR COSTS OF PROCURING SUBSTITUTE GOODS. IN NO EVENT WILL SECURE COMPUTING® BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, INCIDENTAL, EXEMPLARY, OR OTHER DAMAGES WHETHER OR NOT SECURE COMPUTING® HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH LOSS OR DAMAGE.