Win32/USBStealer [Threat Name]
Win32/USBStealer.D [Threat Variant Name]
Category | worm |
Size | 83968 B |
Short description
Win32/USBStealer.D is a worm that spreads via removable media.
Installation
The worm does not create any copies of itself.
The worm registers itself as a system service using the following name:
- USB Disk Security
The worm may set the following Registry entries:
- [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
- "USB Disk Security" = "%malwarefilepath%"
This causes the worm to be executed on every system start.
The worm creates the following file:
- C:\Documents and Settings\Administrator\Templates\starttemplate
Spreading on removable media
The worm creates the following files:
- %removabledrive%\System Volume Information\USBGuard.exe (Win32/USBStealer.A, 49664 B)
The following file is dropped:
- %removabledrive%\autorun.inf
The AUTORUN.INF file contains the path to the malware executable.
Thus, the worm ensures it is started each time infected media is inserted into the computer.
Other information
The worm creates the following files:
- %removabledrive%\System Volume Information\desktop.in
The worm creates copies of the following files (source, destination):
- C:\Documents and Settings\Administrator\Templates\*.in, %removabledrive%\System Volume Information\*.ins