Malware type: Worm

Aliases: No Alias Found

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Description: 

This worm may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites.

Upon execution, this worm drops several files, some of which are detected as Mal_Otorun2 and WORM_IMAUT.Q. It then creates/modifies registry entries to enable its automatic execution at every system startup.

It uses Windows Task Scheduler to create a scheduled task that executes the dropped copy. It creates the scheduled task to enable its automatic execution at the specified date and/or time.

This worm creates a registry entries to disable Task Manager.

This worm drops copies of itself in all removable drives. It also drops an AUTORUN.INF file to automatically execute its dropped copies when the said drives are accessed.

This worm resolves the hostname by attempting to obtain the machine's IP address. It waits for active Internet connection to connect to a specified URL, possibly to download a malicious file or an update of itself.

For additional information about this threat, see:
Solution
Technical Details

Description created: Apr. 23, 2008 3:02:41 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.