Worm:Win32/Folstart modifies system settings by making a number of registry modifications. It also creates the following hidden folders on the USB drive: In combination with using a folder icon as its file icon, the worm does this to mislead users into running its copy, thinking it is the folder. For example, if the USB drive has a folder named " New Folder", then the worm copies itself to the USB drive as an executable named " New Folder", without an extension. If a USB device is found, the worm searches the drive for folders that may exist and copies itself to the drive using the same name as the folder, without an extension.

HKLM\SYSTEM\CurrentControlSet\Services\USBSTOR\Enum

The agent can be added easily when you are creating a new VM, which we will show first below using the resource manager model, but also can be added after the virtual machine. Worm:Win32/Folstart.A queries the following registry entry to determine if any, and if so how many, USB devices are connected to the computer: The Microsoft AntiMalware agent is a virtual machine extension in Azure that adds support for built-in antimalware management within your virtual machines hosted in Azure.

Worm:Win32/Folstart.A also uses a folder icon as its file icon: Spreads Via. Worm:Win32/Folstart.A also creates the following hidden folders: Upon execution, Worm:Win32/Folstart.A creates a copy of itself as the following file: Copying the file to this location also enables it to execute at each Windows start. Worm:Win32/Folstart.A is a worm that spreads through removable drives and modifies some system settings.