Worm.Autooter removal instruction

Worm.Autooter is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to complete a scan and cure your PC during the trial period.
6-day free trial available.

What can the Worm.Autooter virus do?

  • Sample contains Overlay data
  • Uses Windows utilities for basic functionality
  • Reads data out of its own binary image
  • The binary contains an unknown PE section name indicative of packing
  • The binary likely contains encrypted or compressed data
  • The executable is compressed using UPX
  • Authenticode signature is invalid
  • Deletes executed files from disk
  • Uses XCOPY for copying files

How to identify Worm.Autooter?


File Info:

name: 12AE85C4ECC07BB99836.mlw
type: PE32 executable (GUI) Intel 80386, for MS Windows
timestamp: 2001-08-27 16:33:36

Version Info:

FileDescription: SFX Maker SFX (SelF-eXtracting archive)
FileVersion: 2.5.8.50
LegalCopyright: Copyright © David Cornish 1998-2001
Compression: ZIP (Deflate)
Comment: SFX Maker Homepage: http://sm.davidcornish.com
Translation: 0x0000 0x0000

Worm.Autooter also known as:

Bkav: W32.Common.4A5C7D0F
Skyhigh: BehavesLike.Win32.Downloader.cc
McAfee: Artemis!12AE85C4ECC0
Kaspersky: UDS:Net-Worm.Win32.Autooter.a
DrWeb: Trojan.MulDrop19.60030
Trapmine: malicious.high.ml.score
Antiy-AVL: Trojan/Win32.MalformedType
Kingsoft: Win32.Troj.Undef.a
ZoneAlarm: UDS:Net-Worm.Win32.Autooter.a
Cynet: Malicious (score: 100)
VBA32: Worm.Autooter
Cylance: unsafe
MaxSecure: Trojan.Malware.1843089.susgen

How to remove Worm.Autooter?

Worm.Autooter removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • “Move to quarantine” all items.
  • Open “Tools” tab – Press “Reset Browser Settings”.
  • Select proper browser and options – Click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.
