|
|
What's about WORM/Autoru.cxl
Malware name Worm.Autorun.cxl
Type Worm
Affected platform Win32
Media-Type application/executable
MD5 checksum 614C47E62930A099F2A52FE71E0FA290
Static file yes
Filesize 1,167,360 Bytes
Alias names
(also known as) Sophos W32/Shahrokh-A
Protection Webwasher Anti Malware 7000.4017.x
Side effects Drops malicious files
Registry modification
Propagation No own spreading routine
Description:
Files
It copies itself to the following locations:
%SYSDIR%\explorer.exe
%SYSDIR%\Service.exe
%drive%\autorun.exe
The following files are created:
– Non malicious file:
%drive%\autorun.inf
– %SYSDIR%\tmp.exe Further investigation pointed out that this file is malware, too. Detected as: Worm.Autorun.cxl
Step1: Please download XDelBox from Here to your Desktop.
**Note: In the event you already have XDelBox, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
- If you are using Firefox, make sure that your download settings are as follows:
- Tools->Options->Main tab
- Set to "Always ask me where to Save the files".
Step 2:Close any open browsers. Close/disable all antivirus,HIPS and anti-malware programs so they do not interfere with the running of XDelBox,visit here for how to temporarily disable your anti-virus and/or anti-malware programs.
Step 3:Run XDelBox.exe with a simple click "Start Scan".If you can't open xdelbox, please rename it as "aaa.com" or any other else.
ps:before rename xdelbox as other name,make file extention show first.
Step 4:Waiting less than 5 minutes after scan finished.
Step 5:Click "Fix Checked" to remove spyware or malware threats.
>Step6: download Regtweaker for other Registry repairing, cleaning errors and problems to optimize your PC. It is an amazing program that I use!
on 
on 
