A new worm that infects RAR archives has been discovered

In addition, the worm has a payload module. Its body also contains an executable file, which Win32.HLLW.Autoruner.64548 saves in the Windows installation folder as the library Mssys.DLL. The malicious program writes a reference to this library in the system registry. The worm embeds the payload in a copy of its own process. The malicious program then connects to the attackers' remote server and waits for commands to download and launch executable files.

Win32.HLLW.Autoruner.64548 is a representative of a fairly rare category of malicious programs capable of infecting RAR archives. When unpacking RAR archives, check whether suspicious executable files have appeared inside: launching them accidentally can harm your computer.
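
The check recommended above, looking for unexpected executables after unpacking an archive, can be automated. This added example (not from the original article or from Dr.Web) walks an already-extracted directory and flags Windows PE files by their header rather than by extension; the function names and sample files are constructed for illustration.

```python
import os
import struct
import tempfile

def is_pe_file(path):
    """True if the file has a DOS 'MZ' header that points at a 'PE\\0\\0' signature."""
    try:
        with open(path, "rb") as f:
            dos_header = f.read(64)
            if len(dos_header) < 64 or dos_header[:2] != b"MZ":
                return False
            # e_lfanew: 4-byte little-endian offset of the PE header, stored at 0x3C
            (pe_offset,) = struct.unpack_from("<I", dos_header, 0x3C)
            f.seek(pe_offset)
            return f.read(4) == b"PE\x00\x00"
    except OSError:
        return False

def find_executables(extracted_dir):
    """Walk an extracted archive and list every PE file, whatever its extension."""
    hits = []
    for root, _dirs, files in os.walk(extracted_dir):
        for name in files:
            full = os.path.join(root, name)
            if is_pe_file(full):
                hits.append(os.path.relpath(full, extracted_dir))
    return sorted(hits)

def build_sample_tree(base):
    """Constructed sample: a text file, a minimal PE stub, and an 'MZ'-only decoy."""
    with open(os.path.join(base, "readme.txt"), "wb") as f:
        f.write(b"plain text, not executable\n")
    stub = bytearray(64)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 64)  # PE header directly after the DOS header
    stub += b"PE\x00\x00"
    with open(os.path.join(base, "photo.jpg"), "wb") as f:
        f.write(bytes(stub))
    # An 'MZ' prefix alone is not a PE file, so this one must not be flagged
    with open(os.path.join(base, "notes.dat"), "wb") as f:
        f.write(b"MZ" + b"\x00" * 100)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        build_sample_tree(d)
        print(find_executables(d))
```

Comparing the result against the list of files you expected the archive to contain shows whether an executable was added to it.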

Source:

  • News.Drweb.com
