On 11/14/07, Juha-Matti Laurio <[EMAIL PROTECTED]> wrote: > Dude VanWinkle <[EMAIL PROTECTED]> kirjoitti: > > On 11/13/07, Juha-Matti Laurio <[EMAIL PROTECTED]> wrote: > > > The description of this malware (Kaspersky's writeup): > > > > > > Virus.Win32.AutoRun.ah > > > http://www.viruslist.com/en/viruses/encyclopedia?virusid=160221 > > > > > > The payload is not so bad in corporate environment... > > > > The virus modifies values of the following system registry keys: > > > > [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System] > > DisableTaskMgr = 1 > > [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] > > NoFolderOptions = 1 > > > > It also searches the hard disk partitions <snip> for files with an > > ".mp3" extension: > > <snip> > > These files wil then be deleted. > > Thanks for provifing the summary to readers not visit the Viruslist.com URL.
err sure, anytime.. > > Additionally, Trend has listed several malware names too, e.g. I was just wondering why the articles said: This virus -->uploads all<-- your files to X, and the one you posted said it -->deleted<-- all your -->mp3<-- files. I could have just mis-clicked on a url again.. -JP _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
