Home / malware Win32.Worm.DiskNight.A
First posted on 21 November 2011.
Source: BitDefenderAliases :
Win32.Worm.DiskNight.A is also known as Worm.Win32.AutoRun.aul, Win32.HLLW.Knight, W32/Worm.MUN, Win32.HLLW.Knight, INF:DiskKnight, [Trj].
Explanation :
This file was designed to protect computers from worms that spread by means of USB memory sticks,
prompting the user to block or allow any of the processes that try to run from the USB. On the other hand, the file has the behavior of a worm because it spreads from computer to USB sticks and back without the user consent or knowledge.
It drops an autorun.inf file and modifies the registry keys to automatically launch a copy of itself from C:WINDOWSKnight.exe (or C:WINNTKnight.exe, depending on the operating system).
The registry operations performed are:
* HKLMSOFTWAREClassesexefileshellopencommand
* (default) -> "%1" %*
* HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun
* Disk Knight -> C:WINDOWSKnight.exeLast update 21 November 2011