Home / malware Worm:Win32/Yeltminky.A!inf
First posted on 21 June 2013.
Source: MicrosoftAliases :
Worm:Win32/Yeltminky.A!inf is also known as Trojan.Win32.Buzus.dzwk (Kaspersky), doslegacy/Suspicious_Gen2.RIILM (Norman), INF/AutoRun!tr (other), TROJ_OTORUN.ITW (Trend Micro).
Explanation :
This threat is an autorun.inf file created by the Win32/Yeltminky family of worms to help them spread and infect other computers.
When run, Win32/Yeltminky worms checks for drives on your computer, including network and local drives, and removable devices such as USB flash drives.
It makes a copy of itself in the file safedrv.exe within the root directory of any drive it finds. It creates an autorun.inf file to make sure safedrv.exe runs automatically when the drive is opened using Windows Explorer.
Analysis by Chris Stubbs
Last update 21 June 2013