Selected viruses, spyware, and other threats: sorted alphabetically
Short descriptionWin32/AutoRun.Agent.UP is a worm that spreads by copying itself into certain folders. The worm tries to download and execute several files from the Internet.
InstallationWhen executed, the worm copies itself into the following location:
- %temp%%originalfilename%.exe (56320 B)
The worm creates the following files:
- %temp%mxs.exe (4608 B)
- %temp%ader.exe (26112 B)
- %windir%mssrvcsvchost.exe (26112 B)
"svchost" = "%windir%mssrvcsvchost.exe"
- [HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersion
"Userinit" = "%system%userinit.exe,%temp%%originalfilename%.exe"
"HideFileExt" = 2
"Hidden" = 2
SpreadingWin32/AutoRun.Agent.UP is a worm that spreads by copying itself into certain folders.
When the worm finds a folder matching the search criteria, it creates a new copy of itself.
The name of the new file is based on the name of the folder found in the search.
The extension of the file is ".exe".
The worm attempts to replace the following files with a copy of itself:
Other informationThe worm connects to the following addresses:
It tries to download several files from the addresses. The files are then executed.
The worm may create the following files:
The worm may execute the following commands:
- %windir%explorer.exe %path%