win32/autorun.agent.OZ worm - What is it and What does it Do

Discussion in 'malware problems & news' started by techguru007, Jul 31, 2009.

Thread Status:
Not open for further replies.
  1. techguru007

    techguru007 Registered Member

    Joined:
    Jul 31, 2009
    Posts:
    1
    Hi All,

    win32/autorun.agent.OZ worm

    My computer has an indepth scan regularly and this was found today.
    A file was infected with this worm.

    I cannot locate anywhere any information on what this worm does, how to make sure that it has been cleanly removed and what is its delivery mechanism. :doubt:

    Does anybody know anything that can be of help.

    From a concerned techie who has gone to length to keep environment secure.

    Kind Regards,
    Tech Guru
     
  2. BrendanK.

    BrendanK. Registered Member

    Joined:
    Jun 23, 2008
    Posts:
    520
    Location:
    Australia
    Viruses are self-replicating. They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive. Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer.

    This symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.
     
  3. bogdan

    bogdan Registered Member

    Joined:
    Jul 30, 2009
    Posts:
    1
    Location:
    127.0.0.1/RO
    Different AV companies use different names for the threats. If your AV (probably NOD32) doesn't offer any information on that virus, try uploading the file to VirusTotal and see how other products name it, then search their online threats database.

    ESET Threat Encyclopedia
    Symantec Threat Explorer
    Avira Virus Info
    PCTools Threat Expert

    If that file is an executable (and you still have it quarantined) you might upload it to some analysis center like:
    COMODO Instant Malware Analysis
    Anubis.
    Make sure you don't execute the file.
     
Loading...
Thread Status:
Not open for further replies.