A new variant of Worm.autoIt GoogleUpdate.a3x just been discovered by UsbFix: GoogleChrome.a3x

This variant create 2 folders on the system disk :

  • C:\GoogleChrome
  • C:\MozillaFirefox

She put the malicious script GoogleChrome.a3x (encoded AutoIt Script), renowned wscript.exe copies, copies of famous AutoIt.exe, copies of cmd.exe renamed and shortcuts :

  • GoogleChrome.lnk
  • GoogleUpdate.lnk
  • MozillaFirefox.lnk
  • My Music.lnk
  • WindowsUpdate.lnk

GoogleChrome.a3x create two shortcuts in Windows Startup folder to call the malicious script with command CMD or AutoIt executable :

  • %StartUp%\Google Chrome.lnk : %SysDir%\cmd.exe -> %SystemDrive%\MozillaFirefox\GoogleChrome.a3x
  • %StartUp%\GoogleUpdate.lnk : %SystemDrive%\GoogleChrome\GoogleChrome.exe (Autoit.exe renommé) -> %SystemDrive%\GoogleChrome\GoogleChrome.a3x

The infection will then spread to removable drives (USB, SD card etc), it created the MozillaFirefox folder and places his malicious code :
%UsbDrive%:\MozillaFirefox\GoogleChrome.a3x
She also create this following files :

  • %UsbDrive%:\! Videos\! Videos.lnk
  • %UsbDrive%:\! Videos\My Music.lnk
  • %UsbDrive%:\My Games\My Games.lnk
  • %UsbDrive%:\My Games\My Music.lnk
  • %UsbDrive%:\My Videos\My Videos.lnk
  • %UsbDrive%:\My Videos\My Music.lnk
  • %UsbDrive%:\My Movies\My Movies.lnk
  • %UsbDrive%:\My Movies\My Music.lnk

.lnk Files are shortcuts, they are all trapped in order to execute the malicious script GoogleChrome.a3x.
A trapped shortcut is created in all folder of the USB drive : My Music.lnk

UsbFix Detection :

Deleted! I:\Documents.lnk
Deleted! I:\Downloads.lnk
Deleted! C:\GoogleChrome\GoogleChrome.a3x
Deleted! C:\GoogleChrome\GoogleChrome.exe
Deleted! C:\GoogleChrome\GoogleChrome.lnk
Deleted! C:\GoogleChrome\GoogleUpdate.lnk
Deleted! C:\GoogleChrome\MozillaFirefox.lnk
Deleted! C:\GoogleChrome\My Music.lnk
Deleted! C:\GoogleChrome\WindowsUpdate.lnk
Deleted! C:\GoogleChrome
Deleted! C:\MozillaFirefox\GoogleChrome.a3x
Deleted! C:\MozillaFirefox\GoogleChrome.exe
Deleted! C:\MozillaFirefox\GoogleChrome.lnk
Deleted! C:\MozillaFirefox\GoogleUpdate.lnk
Deleted! C:\MozillaFirefox\MozillaFirefox.lnk
Deleted! C:\MozillaFirefox\My Music.lnk
Deleted! C:\MozillaFirefox\WindowsUpdate.lnk
Deleted! C:\MozillaFirefox
Deleted! E:\MozillaFirefox\GoogleChrome.a3x
Deleted! E:\MozillaFirefox\GoogleChrome.exe
Deleted! E:\MozillaFirefox\GoogleChrome.lnk
Deleted! E:\MozillaFirefox\GoogleUpdate.lnk
Deleted! E:\MozillaFirefox\MozillaFirefox.lnk
Deleted! E:\MozillaFirefox\My Music.lnk
Deleted! E:\MozillaFirefox\WindowsUpdate.lnk
Deleted! E:\MozillaFirefox
Deleted! F:\MozillaFirefox\GoogleChrome.a3x
Deleted! F:\MozillaFirefox\GoogleChrome.exe
Deleted! F:\MozillaFirefox\GoogleChrome.lnk
Deleted! F:\MozillaFirefox\GoogleUpdate.lnk
Deleted! F:\MozillaFirefox\MozillaFirefox.lnk
Deleted! F:\MozillaFirefox\My Music.lnk
Deleted! F:\MozillaFirefox\WindowsUpdate.lnk
Deleted! F:\MozillaFirefox
Deleted! G:\MozillaFirefox\GoogleChrome.a3x
Deleted! G:\MozillaFirefox\GoogleChrome.exe
Deleted! G:\MozillaFirefox\GoogleChrome.lnk
Deleted! G:\MozillaFirefox\GoogleUpdate.lnk
Deleted! G:\MozillaFirefox\MozillaFirefox.lnk
Deleted! G:\MozillaFirefox\My Music.lnk
Deleted! G:\MozillaFirefox\WindowsUpdate.lnk
Deleted! G:\MozillaFirefox
Deleted! I:\MozillaFirefox\GoogleChrome.a3x
Deleted! I:\MozillaFirefox\GoogleChrome.exe
Deleted! I:\MozillaFirefox\GoogleChrome.lnk
Deleted! I:\MozillaFirefox\GoogleUpdate.lnk
Deleted! I:\MozillaFirefox\MozillaFirefox.lnk
Deleted! I:\MozillaFirefox\My Music.lnk
Deleted! I:\MozillaFirefox\WindowsUpdate.lnk
Deleted! I:\MozillaFirefox
Deleted! I:\System Volume Information\My Music.lnk
Deleted! I:\Yennai Arindhaal (2015) – LOTUS DVDRip – x264 – AAC

[DDR]\My Music.lnk
Deleted! I:\My Games\My Music.lnk
Deleted! I:\My Videos\My Music.lnk
Deleted! I:\My Movies\My Music.lnk
Deleted! I:\My Games\My Games.lnk
Deleted! I:\My Movies\My Movies.lnk
Deleted! I:\My Videos\My Videos.lnk
Deleted! HKU\S-1-5-21-2257280705-2107825200-3901767750-1000\Software\Microsoft\Windows\CurrentVersion\Run|Google Chrome
Deleted! HKU\S-1-5-21-2257280705-2107825200-3901767750-1000\Software\Microsoft\Windows\CurrentVersion\Run|AdopeFlash
Deleted! HKU\S-1-5-21-2257280705-2107825200-3901767750-1000\Software\Microsoft\Windows\CurrentVersion\Run|AdopeUpdate

How to remove GoogleChrome.a3x ?

  • Download UsbFix on your computer, and execute it.
  • It will launch automatically, and a shortcut will be created on your desktop.
  • Connect all your external data sources to your PC (Usb keys, external drives, etc…) Do not open them.
  • Choose “Clean” option.
[/fusion_builder_column_inner]
usbfix-clean
Tutorial UsbFix
logo-2-300x86

Free Support

Forum SosVirus

Help UsbFix

Rate this post

1 Star2 Stars3 Stars4 Stars5 Stars (4 votes, average: 4.25 out of 5)
Loading...