Sorry may be not here..but Yesterday I have received PM from user Andy with file -"winxp_patch.rar" (I asked about this file some users)... but my Antivirus told me about virus in this file. I have read about this virus on http://www.antivirus-scans.com/cyberthreats?chapter=207716431 In a short: Worm.Win32.AutoRun.bnb Worm.Win32.AutoRun.bnb Detection added Jan 07 2008 05:44 GMT Update released Jan 07 2008 09:10 GMT Description added Oct 07 2008 Behavior Internet Worm Technical details Payload Removal instructions Technical details This worm propagates by creating copies of itself on local disks and write-accessible network resources. It is a Windows PE EXE file. It is 46592 bytes in size. It is packed using UPX. The unpacked file is approximately 107MB in size. Installation The worm copies its executable file to the Windows system directory: %System%\<rnd1>[<rnd2>].exe, with <rnd1> and <rnd2> being random numbers In order to ensure that the worm is launched automatically each time the system is booted, it adds a link to its executable file in the system registry: [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Rising" = "<path to worm file>" The worm extracts a rootkit library from its body and saves it to the Windows temporary directory: %Temp%\Bug2.tmp - this file is 12800 bytes in size. It will be detected by Genesys Anti-Virus as Worm.Win32.AutoRun.ll; That is not very good virus. Be careful...
