This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then further propagate the virus. Although many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.
5890 (2010-02-12)Updated DAT
When executed, the worm copies itself into the following location.
And drops the following file
The following registry values have been added to the system
Once the users system is compromised, The worm looks for the removable drives (eg: USB memory stick, flash drive). Once the removable drive is found, the worm spreads the copy to the following location:
Also, the worm creates a hidden file "autorun.inf" in the removable drive to execute it automatically when the user inserts the infected removable drive into another computer.
When executed, the worm injects the code into explorer.exe and connects to the IP Address 124.217.[removed].112 through a remote port 6667 which is mainly used for IRC traffic. The worm performs backdoor activity to download/execute malicious files from the remote server and also it performs flooding attacks.
Viruses are self-replicating. They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive. Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer.
Use current engine and DAT files for detection and removal.
Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).