Les informations contenues dans cette rubrique de notre site web sont constamment mises à jour. Afin de vous garantir un contenu le plus actualisé possible, elles sont uniquement diffusées en anglais.

Virus Profile: Generic!atr

Threat Search
Imprimer
   
Virus Profile information details
Risk Assessment: Home Low | Corporate Low
Date Discovered: 31/01/2007
Date Added: 31/01/2007
Origin: N/A
Length: varies
Type: Trojan
Subtype: Configuration file
DAT Required: 4953
Removal Instructions
   
 
 
   

Description

This is a generic detection for a configuration text file (autorun.inf) used by many worms. This file is usually dropped onto the root of all removable drivers and mapped drives in an attempt to autorun an executable when the drive is accesed.

Indication of Infection

The presence of autorun.inf files on the root of all removable drives or mapped network drives containing information similar to that described in the "Characteristics" section.

Methods of Infection

Infection starts either with manual execution of the binary or by navigating to folders containing infected files whereby the autorun.inf files can cause auto-execution.

   

Virus Characteristics

This is a generic detection for a configuration text file (autorun.inf) used by many worms. This file is usually dropped onto the root of all removable drivers and mapped drives in an attempt to autorun an executable when the drive is accesed.

The size for this file varies. The size differs based on the length of the filename being referenced inside the .inf file.

Some copies of this file has the System (S) and Hidden (H) attributes present in attempt to hide the file from certain, default, viewing options within Windows Explorer.

The contents of the file are similar to the following:

[Autorun]
open=<WORM>.exe
shellexecute=<WORM>.exe
shell\Auto\command=<WORM>.exe

   

A combination of the latest DATs and the Engine will be able to detect and remove this threat. AVERT recommends users not to trust seemingly familiar or safe file icons, particularly when received via P2P clients, IRC, email or other media where users can share files.

Additional Windows ME/XP removal considerations

   

Un ordinateur infecté ? Obtenez l'aide d'un expert !

McAfee
Service de suppression des virus

Contactez l'un de nos spécialistes en sécurité par téléphone. Regardez votre PC pendant que nous résolvons le problème à distance.

$89.95 (USD)

Publicité