On 11/13/07, Juha-Matti Laurio <[EMAIL PROTECTED]> wrote:
> The description of this malware (Kaspersky's writeup):
>
> Virus.Win32.AutoRun.ah
> http://www.viruslist.com/en/viruses/encyclopedia?virusid=160221
>
> The payload is not so bad in corporate environment...

The virus modifies values of the following system registry keys:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
DisableTaskMgr = 1

[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
NoFolderOptions = 1

It also searches the hard disk partitions <snip> for files with an ".mp3" extension:
<snip>
These files will then be deleted.

OP referenced this description:
>> Trojan
>> horse viruses that automatically upload to Beijing Web sites
>> anything the computer user saves on the hard disc,

Which one is it? If it is the latter, then has anyone considered the fact that this might just be a free online backup service from Seagate :-P

-JP
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
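
A triage check for the two policy values listed in the quoted writeup, as an added example that is not part of the original post: it scans the text of a registry export for DisableTaskMgr or NoFolderOptions set to a non-zero value, and goes slightly beyond the post by also matching per-user hives under HKEY_USERS. The function name, the WATCHED table and the sample export are constructed for illustration.

```python
import re

# (key path below the hive, value name), lower-cased; both come from the quoted writeup.
WATCHED = {
    (r"software\microsoft\windows\currentversion\policies\system", "disabletaskmgr"),
    (r"software\microsoft\windows\currentversion\policies\explorer", "nofolderoptions"),
}
SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{1,8})$')


def find_lockout_policies(reg_text):
    """Return (hive_root, key, value_name) for each watched value that is non-zero."""
    hits, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            key = m.group("key")
            continue
        m = DWORD.match(line)
        if not (m and key):
            continue
        # Strip the hive (HKEY_CURRENT_USER) or hive plus SID (HKEY_USERS\S-1-5-...).
        parts = key.split("\\")
        skip = 2 if parts[0].upper() == "HKEY_USERS" else 1
        root, suffix = "\\".join(parts[:skip]), "\\".join(parts[skip:]).lower()
        if (suffix, m.group("name").lower()) in WATCHED and int(m.group("hex"), 16) != 0:
            hits.append((root, key, m.group("name")))
    return hits


# Constructed sample export (already decoded to text); the SID is made up.
SAMPLE = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoFolderOptions"=dword:00000001
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableTaskMgr"=dword:00000000
"""

if __name__ == "__main__":
    for root, key, name in find_lockout_policies(SAMPLE):
        print(f"{root}: {name} is set under {key}")
```

Exports written by regedit are usually UTF-16, so decode the file before passing its text in. Either value can also be set deliberately by an administrator, so a hit is a prompt to look closer rather than proof of infection.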
