Categories: Worm

Worm.AutoRun.Generic removal guide

The Worm.AutoRun.Generic is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Worm.AutoRun.Generic virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Attempts to connect to a dead IP:Port (1 unique times)
Executed a command line with /C or /R argument to terminate command shell on completion which can be used to hide execution
Yara rule detections observed from a process memory dump/dropped files/CAPE
Dynamic (imported) function loading detected
Performs HTTP requests potentially not found in PCAP.
Enumerates running processes
Reads data out of its own binary image
Attempts to modify Internet Explorer’s start page
Authenticode signature is invalid
Uses Windows utilities for basic functionality
Uses Windows utilities for basic functionality
Installs itself for autorun at Windows startup
Attempts to modify proxy settings
Creates a copy of itself
Attempts to disable or modify Explorer Folder Options

How to determine Worm.AutoRun.Generic?


File Info:
name: FAC8FBD711CC1D629288.mlwpath: /opt/CAPEv2/storage/binaries/8b494b3eb7a304a48c955399720f7253df087afb1e78f49e1b5711d918ce6a87crc32: D1D51195md5: fac8fbd711cc1d62928820889aa05f37sha1: 86ffcb805f096437f8c37771a2f933e11ead0452sha256: 8b494b3eb7a304a48c955399720f7253df087afb1e78f49e1b5711d918ce6a87sha512: 27f506dccc3c58e2757d879c336a4152429786add8be00b9d29b3956f9d7afa595cf201b88be917de7e8a4adeae8df26891cf62863cb264d8ea04972f075d796ssdeep: 6144:wpqoa8aLiC/2OLSAN7gNVpNleQUohBfGPOtQciXeL/XYqGlebojSP2pjNhcRYnCS:wpqiC/2OGAtkCP4cejGSOpRKGC8RPtype: PE32 executable (GUI) Intel 80386, for MS Windowstlsh: T169D48D02B7C680F5D8A339711577E32AEB3979154326C69BEFE02E628E115709F3A371sha3_384: 38055edde5bced96e6c9fcd3e361eed35a40f3aa86297eb7cdd86d879c0ceedc34541e089056592392c2a5fa6c7c62edep_bytes: 53565755fc648b15300000008b520c8btimestamp: 2008-12-24 09:00:07
Version Info:
0: [No Data]

Worm.AutoRun.Generic also known as:

Bkav	W32.AlterEIP.PE
Elastic	malicious (high confidence)
DrWeb	Trojan.Starter.1215
MicroWorld-eScan	Trojan.Generic.3272683
FireEye	Generic.mg.fac8fbd711cc1d62
CAT-QuickHeal	Trojan.Patched.AM
ALYac	Trojan.Generic.3272683
Cylance	Unsafe
Zillya	Virus.Starter.Win32.1
K7AntiVirus	Trojan ( 00133ee01 )
Alibaba	Trojan:Win32/Starter.ali2000005
K7GW	Trojan ( 00133ee01 )
CrowdStrike	win/malicious_confidence_100% (D)
BitDefenderTheta	AI:Packer.44866B6B18
Cyren	W32/Trojan.MMQY-0462
Symantec	Trojan.Zbot!inf
ESET-NOD32	Win32/TrojanDownloader.Small.OUC
TrendMicro-HouseCall	PE_ZBOT.A
Paloalto	generic.ml
ClamAV	Win.Trojan.Zbot-1267
Kaspersky	Trojan.Win32.ZbotPatched.b
BitDefender	Trojan.Generic.3272683
ViRobot	Win32.PatchedZBot.A
Rising	Trojan.DL.Win32.Rugo.c (CLASSIC)
Ad-Aware	Trojan.Generic.3272683
Sophos	ML/PE-A + Troj/Zbot-NY
Comodo	TrojWare.Win32.Patched.O@1mj32s
Baidu	AutoIt.Worm.Autorun.a
VIPRE	Virus.Win32.Zbot.a (v)
Emsisoft	Trojan.Generic.3272683 (B)
Ikarus	Worm.Win32.AutoIt
Jiangmin	TrojanDownloader.Genome.ghl
MaxSecure	Virus.W32.ZbotPatched.A
Avira	WORM/Autorun.esf
Antiy-AVL	Trojan/Generic.ASCommon.11C
Kingsoft	Win32.Troj.Generic.a.(kcloud)
Cynet	Malicious (score: 100)
AhnLab-V3	HEUR/Fakon.mwf.X1381
Malwarebytes	Worm.AutoRun.Generic
APEX	Malicious
Tencent	Win32.Trojan.Zbotpatched.Egoe
Yandex	Win32.ZBot.RSI
MAX	malware (ai score=100)
eGambit	Unsafe.AI_Score_56%
Fortinet	W32/Genome.ABYW!tr.dldr
Cybereason	malicious.711cc1
Panda	W32/Patched.L