Win32/AutoRun.Agent.UD [Threat Name]

Win32/AutoRun.Agent.UD [Threat Variant Name]

Category: worm
Size: 577536 B
Aliases:

  • Backdoor.Win32.Zepfod.yy (Kaspersky)
  • BackDoor-EJG.trojan (McAfee)
  • Trojan:Win32/Killav.DR (Microsoft)
  • Backdoor.Trojan (Symantec)

Short description

Win32/AutoRun.Agent.UD is a worm that installs Win32/AutoRun.Agent.TG malware. The worm is usually a part of other malware.


The worm does not create any copies of itself.

The worm creates the following file:

  • %temp%\%variable1%.exe (327680 B, Win32/AutoRun.Agent.TG)

The worm may create the following files:

  • %temp%\%variable2%.dll (69632 B, Win32/AutoRun.Agent.UB)

The files are then executed.

A string with variable content is used instead of %variable1-2%.

Other information

The worm terminates various security-related applications.

The following programs are affected:

  • avgcsrvx.exe
  • avgrsx.exe
  • avgtray.exe
  • gdscan.exe
  • pshost.exe
  • PsCtrlS.exe
  • ccsvchst.exe
  • ekrn.exe
  • bdagent.exe
  • vsserv.exe
  • avp.exe
  • zlclient.exe
  • mcmscsvc.exe
  • ashserv.exe
  • fsgk32st.exe
  • avguard.exe
