Win32AutoIt – What Is It and How to Remove It

By: UmerSheikh

Win32.AutoIt is a malicious program that is very prominent these days on most unprotected systems. It is also known as Win32.Worm and Worm.AutoIt. It is a worm, and the size of the files infected by it can vary from 220Kb to 275Kb. According to records, the worm first appeared on the 20th of November 2006. Since then, even the top 10 software companies in India and elsewhere have struggled to solve this problem, only to see other, more critical viruses appear.
Compared with other newer threats such as Trojans, the worm does medium damage to a computer. It affects the computer by creating copies of itself on local disks (including all subfolders) and on write-accessible removable disks. It is a Windows PE file packed with UPX. An infected computer shows the following visible symptoms:
1. The worm copies its executable file to the root of all write-accessible removable disks under the name New Folder.
2. It also drops the following malicious files (both of which are copies of itself):
- %Windows%\RVHOST.exe
- %System%\RVHOST.exe
Technically speaking, when launched, the worm copies its executable file to the Windows root and system directories:
%WinDir%\RVHOST.exe
%System%\RVHOST.exe
To ensure that it is launched automatically each time the system is rebooted, the worm adds a link to its executable file to the system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo Messenger" = "%System%\RVHOST.exe"
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell = "Explorer.exe RVHOST.exe"
It also copies its executable file to the root of all write-accessible removable disks under the name New Folder, and does the same in every folder on removable disks. Each copy of the worm has the same name as the folder to which it is copied, with an ".exe" extension.
Win32.AutoIt creates the following system registry key parameters:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System]
DisableRegistryTools = 1
DisableTaskMgr = 1
These parameters prevent the Registry Editor and Task Manager from launching, and also block some tasks related to antivirus and firewall solutions.
According to a top software company in India, there are hundreds of reports every month of this virus affecting systems. So how does the virus propagate? Win32.AutoIt may have been downloaded as a file from a malicious website, or brought in by some other malware. Another route is removable disks such as pen drives and other media devices.
How can one remove this worm from a system? It can be removed by following these removal instructions:
1. Terminate the worm process by entering the following command at the command line:
taskkill /IM RVHOST.exe
2. Delete the original worm file.
3. Run the following commands at the command line to re-enable the Registry Editor and Task Manager:
reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableTaskMgr
reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System /v DisableRegistryTools
4. Answer "y" and press Enter to confirm the deletion of each parameter.
5. Delete the following system registry key value:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo Messenger" = "%System%\RVHOST.exe"
6. Revert the modified registry key value to the value given below:
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
Shell = "Explorer.exe"
7. Delete the following files:
%WinDir%\RVHOST.exe
%System%\RVHOST.exe
8. Delete all copies of the worm.
9. Perform a full system scan of the computer after updating the antivirus databases.
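An added example, not part of the original article: a Python check that scans a registry export for the Run entry, Winlogon Shell value and policy parameters listed above, so a host can be checked before removal and re-checked after it. The function names, the .reg export input format and the sample data are assumptions constructed for illustration.

```python
import re

# Registry indicators from the article; key paths are compared in lower case.
RUN = r"hkey_current_user\software\microsoft\windows\currentversion\run"
POLICY = r"hkey_current_user\software\microsoft\windows\currentversion\policies\system"
WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')

def parse_reg(text):
    """Yield (key, name, data) from .reg export text; string data is unescaped."""
    key = None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        m = VALUE_RE.match(line)
        if key is None or not m:
            continue
        name, data = m.groups()
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            data = re.sub(r"\\(.)", r"\1", data[1:-1])  # \\ -> \ and \" -> "
        yield key, name, data

def find_indicators(text):
    """Return one finding per registry value that matches the worm's changes."""
    hits = []
    for key, name, data in parse_reg(text):
        low = data.lower()
        if key == RUN and low.endswith("rvhost.exe"):
            hits.append(f"Run autostart '{name}' -> {data}")
        elif key == WINLOGON and name.lower() == "shell" and low != "explorer.exe":
            hits.append(f"Winlogon Shell modified: {data}")
        elif key == POLICY and name.lower() in ("disableregistrytools", "disabletaskmgr"):
            if re.fullmatch(r"dword:0*1", low):
                hits.append(f"{name} is set to 1")
    return hits

# Constructed sample in .reg export format (not taken from a real host).
SAMPLE = r'''Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Yahoo Messenger"="C:\\WINDOWS\\system32\\RVHOST.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableRegistryTools"=dword:00000001
"DisableTaskMgr"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="Explorer.exe RVHOST.exe"
'''

if __name__ == "__main__":
    for finding in find_indicators(SAMPLE):
        print(finding)
```

Files written by reg export are UTF-16 encoded, so read them with open(path, encoding="utf-16") before passing the text to find_indicators.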
Win32.AutoIt is no doubt a virus that really affects a system's performance, but it can be removed and avoided by using free antivirus software. It is also advised that one install effective antivirus software and download multimedia or software only from trusted software development companies or service providers.
