Content

W32/Autorun.worm.bx!inf

Type
Virus
SubType
Worm
Discovery Date
03/26/2008
Length
Varies
Minimum DAT
5260 (03/26/2008)
Updated DAT
5528 (02/16/2009)
Minimum Engine
5.2.00
Description Added
03/26/2008
Description Modified
07/21/2008 10:42 PM (PT)
Risk Assessment
Corporate User
Low
Home User
Low

Tab Navigation

Characteristics

The size for this file varies. The size differs based on the length of the filename being referenced inside the .inf file.

Some copies of this file has the System (S) and Hidden (H) attributes present in attempt to hide the file from certain, default, viewing options within Windows Explorer.

The contents of the file are similar to the following:

[Autorun]
open=.exe
shellexecute=.exe
shell\open\Command=.exe

The .exe file can be detected as W32/Autorun.worm.bx.

For more symptoms and characteristics of W32/Autorun.worm.bx, please refer to:

 

 

Symptoms

Method of Infection

Removal

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants

Variants

    N/A

All Information

Overview -

This is a generic detection for a configuration text file (autorun.inf) used by W32/Autorun.worm.bx . This file is usually dropped onto the root of all removable drivers and mapped drives in an attempt to autorun an executable when the drive is accesed.

Characteristics

Characteristics -

The size for this file varies. The size differs based on the length of the filename being referenced inside the .inf file.

Some copies of this file has the System (S) and Hidden (H) attributes present in attempt to hide the file from certain, default, viewing options within Windows Explorer.

The contents of the file are similar to the following:

[Autorun]
open=.exe
shellexecute=.exe
shell\open\Command=.exe

The .exe file can be detected as W32/Autorun.worm.bx.

For more symptoms and characteristics of W32/Autorun.worm.bx, please refer to:

 

 

Symptoms

Symptoms -

Method of Infection

Method of Infection -

Removal -

Removal -

All Users:
Use current engine and DAT files for detection and removal.

Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher).

Additional Windows ME/XP removal considerations

Variants

Variants -

    N/A