What is Trojan.AutoRun.A?
Type: Virus | Category: Trojans and viruses | Discovered: 19 May 2008
It is a Trojan that drops an AUTORUN.INF file so that it is executed automatically when the main hard drives are accessed. In other words, drives C, D and E no longer open normally from My Computer; instead, clicking a drive pops up a message saying that Windows cannot find xn1i9x.com. The same issue may occur with the other file names listed below:
n1deiect.com
ntde1ect.com
nudeiect.com
ntdelect.com
nideiect.com
ek.com
d.com
usdeiect.com
80avp08.com
dosocom.com
xfoolavp.com
uxdeiect.com
The Trojan also drops malicious files, hides them, and disables the Windows "Show hidden files and folders" function. Deleting any of these files has no lasting effect, because the Trojan adds an autorun registry entry that loads the files on boot.
Note that USB flash drives are affected by Trojan.AutoRun.A as well.
The infected AutoRun.inf file contains the following information:
[AutoRun]
open=xn1i9x.com
;shell\open=Open(&O)
shell\open\Command=xn1i9x.com
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=xn1i9x.com
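A defender's triage check for the AutoRun.inf shown above, as an added example that is not code from the original page: it parses the [AutoRun] section, extracts the keys that launch a program, and compares each target with the file names this page lists. The function and variable names are assumptions made for illustration, and a file-name match is only a first-pass indicator.

```python
import re

# Launcher file names listed on this page.
KNOWN_NAMES = {
    "xn1i9x.com", "n1deiect.com", "ntde1ect.com", "nudeiect.com",
    "ntdelect.com", "nideiect.com", "ek.com", "d.com", "usdeiect.com",
    "80avp08.com", "dosocom.com", "xfoolavp.com", "uxdeiect.com",
}

# Keys that make Windows run a program from the drive root.
EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)

# The AutoRun.inf content quoted on this page, embedded as sample input.
SAMPLE = r"""[AutoRun]
open=xn1i9x.com
;shell\open=Open(&O)
shell\open\Command=xn1i9x.com
shell\open\Default=1
;shell\explore=Manager(&X)
shell\explore\Command=xn1i9x.com
"""

def exec_targets(inf_text):
    """Return (key, value) pairs for every execution key in [autorun]."""
    found, in_autorun = [], False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if EXEC_KEY.match(key):
                found.append((key.lower(), value))
    return found

def triage(inf_text):
    """Split execution targets into names listed on this page and others."""
    listed, other = [], []
    for key, value in exec_targets(inf_text):
        # Take the program part of the command: a quoted path or first token.
        m = re.match(r'\s*(?:"([^"]*)"|(\S+))', value)
        path = next((g for g in m.groups() if g), "") if m else ""
        exe = path.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        (listed if exe in KNOWN_NAMES else other).append((key, exe))
    return listed, other
```

Run `triage()` over the AutoRun.inf text read from each drive root; every pair in the first returned list names a launcher from this page.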
Possible error messages:
Avpo.exe Application Error
Amvo.exe Application Error
Kavo.exe Application Error

Trojan.AutoRun.A removal tool:
- Spyware Doctor (see here for the installation guide)
Trojan.AutoRun.A Entries:
The following DLL files are created: amvo0.dll, gnsmo.dll, amvo1.dll, avp0.dll, taso0.dll, kavo0.dll, kavo1.dll
The following files are created:
amvo.exe, avpo.exe, avp0.exe, kavo.exe, semo2x.exe
HijackThis Entries:
O4 Entries:
O4 - HKCU\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [kava] C:\WINDOWS\system32\kavo.exe