Worm:Win32/Yeltminky.A!inf


First posted on 21 June 2013.
Source: Microsoft

Aliases:

Worm:Win32/Yeltminky.A!inf is also known as Trojan.Win32.Buzus.dzwk (Kaspersky), doslegacy/Suspicious_Gen2.RIILM (Norman), INF/AutoRun!tr (other), TROJ_OTORUN.ITW (Trend Micro).

Explanation:



This threat is an autorun.inf file created by the Win32/Yeltminky family of worms to help them spread and infect other computers.

When run, Win32/Yeltminky worms check for drives on your computer, including network and local drives, and removable devices such as USB flash drives.

The worm copies itself to a file named safedrv.exe in the root directory of any drive it finds. It then creates an autorun.inf file to make sure safedrv.exe runs automatically when the drive is opened using Windows Explorer.



Analysis by Chris Stubbs
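
A defensive check for the artifact described above, as an added example that is not part of the original Microsoft entry: it parses the text of an autorun.inf file and reports which command keys would launch safedrv.exe. The entry does not show the file's contents, so the keys checked (open, shellexecute, shell\verb\command) are the standard autorun.inf command keys, and the sample text is constructed.

```python
import ntpath
import re

# Standard autorun.inf keys whose value is a command line Explorer may run.
COMMAND_KEYS = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
DROPPED_NAME = "safedrv.exe"  # file name given in the description above

# Constructed sample, not taken from a real infected drive.
SAMPLE_INFECTED = r"""
; constructed sample
[AutoRun]
open=safedrv.exe
shell\open\command = "SafeDrv.exe" /auto
icon=folder.ico
"""


def autorun_commands(inf_text):
    """Return {key: command} for command keys in the [autorun] section."""
    commands, in_autorun = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # skip blank lines and comments
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if in_autorun and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if COMMAND_KEYS.match(key):
                commands[key.lower()] = value
    return commands


def launches_dropped_copy(inf_text, name=DROPPED_NAME):
    """List the keys whose command's program is `name` (case-insensitive)."""
    hits = []
    for key, command in autorun_commands(inf_text).items():
        # Program part: a quoted path, or the first whitespace-delimited token.
        m = re.match(r'\s*"([^"]+)"|\s*(\S+)', command)
        program = (m.group(1) or m.group(2)) if m else ""
        if ntpath.basename(program).lower() == name.lower():
            hits.append(key)
    return sorted(hits)
```

Pass the function the contents of the autorun.inf found in each drive root; a non-empty result means that drive's autorun.inf points at safedrv.exe.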







Last update 21 June 2013

 
