Click on screenshot to zoom
Danger level 7
Type: Worms

Autoit.Obfus

Autoit.Obfus is the latest worm infection to have crossed the path of many an avid PC user.

Autoit.Obfus is also referred to as: AutoitObfus or by its alias: DrvSpace.exe.

Being a worm application, this PC parasite tends to display the following characteristics:

* The Process is packed and/or encrypted using a software packing process
* Executes a Process
* Writes to another Process\'s Virtual Memory (Process Hijacking)
* Can communicate with other computer systems using HTTP protocols
* Creates system tray pop-up messages, messages, errors and security warnings
* Uses DNS to retrieve the IP address for web sites
* Adds a Registry Key (RUN) to auto start Programs on system start up
* Registers a Dynamic Link Library File
* Created as a process on disk
* Executed as a Process
* Has code inserted into its Virtual Memory space by other programs
* Added as a Registry auto start to load Program on Boot up
* Terminated as a Process
* Executed from Temporary Folders
* Deleted as a process from disk
* Changes to the file command map within the registry
* Registered as a Dynamic Link Library File

Autoit.Obfus tends to be distributed along the following channels: via emails, malicious web pages, Inter Relay Chat channels (IRC) and some peer-to-peer networks.

Autoit.Obfus will then deploy a damaging payload, which may delete files and may terminate security related files too.

Autoit.Obfus l is also highly capable of downloading additional malware onto the infected computer system, usually from a remote internet website, which is ultimately executed on a local system.

It is important to bear in mind that Autoit.Obfus has a number of varying functions – all of which are aimed at compromising the infected computer system, the user’s privacy and challenging the integrity of the computer itself.

Another function Autoit.Obfus has been designed to implement is that Autoit.Obfus is known to use backdoor techniques to infiltrate a computer system, and remain undetected whilst embedded within the system, this way it can carry out its malicious intent - undeterred.

Autoit.Obfus will ensure that it disables the use of the security programs installed in the infected system, will open up obscure connections, in order to ensure access from a remote controller. Autoit.Obfus may also self-mutate, in order to avoid detection and the removal of its executables.

One should ensure that a fully functional and reliable anti-spyware application is installed on the infected computer system. This way you will be able to deal with this threat, and remove Autoit.Obfus and all its components from the infected system.

Download Spyware Removal Tool to Remove* Autoit.Obfus
  • Quick & tested solution for Autoit.Obfus removal.
  • 100% Free Scan for Windows
disclaimer

How to manually remove Autoit.Obfus

Files associated with Autoit.Obfus infection:

DrvSpace.exe
one.exe

Autoit.Obfus processes to kill:

DrvSpace.exe
one.exe

Remove Autoit.Obfus registry entries:

HKEY_LOCAL_MACHINESOFTWAREMICROSOFTWINDOWSCURRENTVERSIONRUN DriveSpace
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\ DriveSpace
Disclaimer

Post comment — WE NEED YOUR OPINION!

Comment:
Name:
Please enter security code:
This is a captcha-picture. It is used to prevent mass-access by robots.