Threat Information for "Win32.HLLW.Autoruner.437"

Removal Top

StopSign will automatically remove this infection with a paid membership.

Summary Top
  • Name: Win32.HLLW.Autoruner.437
  • Aliases:
  • Date Discovered: 2007-10-24
  • Protection Added: 2007-10-29
Description Top 
-- Ease of Removal

1: Runs as a service
2: Creates new registry entries with consistent data
3: Consistent file contents
4: Consistently named

-- Privacy Risks/Security Changes

1: Mimics legitimate file names

-- Damage/Intrusion/Annoyance

1: Creates new files

-- Propagation/Saturation

1: Spreads through Peer-2-Peer software
Technical Details Top
  • Added Registry Key:
    Key: HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_QAEYNKIPOILKJHGVD
  • Added Registry Data:
    Key: HKCU\%CURRENTVERSIONREG%\Run Value: [RANDOM VALUE] Data: %SYSTEMDIR%\avpo.exe