optionrefi.com

Home > General > W32/Autorun.worm.gen

W32/Autorun.worm.gen

Disable Autorun functionality This threat attempts to spread via removable drives on computers that support Autorun functionality. A full scan might find other hidden malware. Modifications made to the system Registry and/or INI files for the purposes of hooking system startup, will be successfully removed if cleaning with the recommended engine and DAT combination (or higher). Get Expert Help McAfeeVirus Removal Service Connect to one of our Security Experts by phone. weblink

This infection method is often used to propagate malicious payloads, such as a backdoor, password stealer, or some other kind of trojan. Back to Top View Virus Characteristics Virus Information Virus Removal Tools Threat Activity Top Tracked Viruses Virus Hoaxes Regional Virus Information Global Virus Map Virus Calendar Glossary Have your PC fixed remotely - while you watch! $89.95 Free Security Newsletter Sign Up for Security News and Special Offers: Indications of Infection: Risk Assessment: They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive. https://home.mcafee.com/VirusInfo/VirusProfile.aspx?key=8315907

They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive. More scanning & removal options More information on the scanning and removal options available in your F-Secure product can be found in the Help Center. Back to Top View Virus Characteristics Virus Information Virus Removal Tools Threat Activity Top Tracked Viruses Virus Hoaxes Regional Virus Information Global Virus Map Virus Calendar Glossary

Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer. Please go to the Microsoft Recovery Console and restore a clean MBR. Get advice. For instructions, please refer to: https://www.mcafee.com/us/downloads/free-tools/disabling-system-restore.aspx 2.

If you’re using Windows XP, see our Windows XP end of support page. Update your McAfee Anti-Virus product to the latest version (when possible), and ensure the latest DAT and Engine and any applicable EXTRA.DATs are installed. 3. For information on disabling the Autorun functionality, please see the following article:http://support.microsoft.com/kb/967715/ Additional remediation instructions for Worm:Win32/Autorun.gen!AED This threat may make lasting changes to a computer's configuration that are NOT restored by find more This is a particularly common method of spreading for many current malware families.

The red color spreads throughout the disc to indicate whether a threat is moderate, high or severe.PreviousNextSummaryWhat to do nowTechnical informationSymptoms Symptoms Alerts from your security software might be the only On windows XP: Insert the Windows XP CD into the CD-ROM drive and restart the computer.When the "Welcome to Setup" screen appears, press R to start the Recovery Console.Select the Windows Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer. Have your PC fixed remotely - while you watch! $89.95 Free Security Newsletter Sign Up for Security News and Special Offers: Indications of Infection: Risk Assessment:

Get Expert Help McAfeeVirus Removal Service Connect to one of our Security Experts by phone. Variants of Worm:Win32/Autorun usually spread using methods that include, but may not be limited to, copying themselves to removable or network drives, and placing an autorun.inf file in the root directory Get Expert Help McAfeeVirus Removal Service Connect to one of our Security Experts by phone. System Changes These are general defaults for typical path variables. (Although they may differ, these examples are common.): %WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000) %SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME),

Business Home About Us Purchase United States - English América Latina - Español Australia - English Brasil - Português Canada - English Canada - Français China - 中国 (Simplified Chinese) Czech have a peek at these guys Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer. Top Threat behavior Worm:Win32/Autorun.gen!inf is a detection for 'autorun.inf' files that may be used by worms when spreading to local, network, or removable drives.   When copying themselves to a drive, these worms Please go to the Microsoft Recovery Console and restore a clean MBR.

Could be used to prevent the or detour the use of common system tools.Attempts to launch an instance of Internet Explorer.Enumerates many system files and directories.Modifies Windows control panel settings.Adds or Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer. They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive. http://optionrefi.com/general/win32-worm-autorun.php Viruses are self-replicating.

Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then further propagate the virus. On Windows Vista and 7: Insert the Windows CD into the CD-ROM drive and restart the computer.Click on "Repair Your Computer"When the System Recovery Options dialog comes up, choose the Command Viruses are self-replicating.

ActivitiesRisk LevelsAdds or modifies winlogon userinit registry value.

Methods of Infection Viruses are self-replicating. When you connect the drive to your PC, the worm is run automatically. Run a full system scan. (On-Demand Scan) 4. Back to Top View Virus Characteristics Virus Information Virus Removal Tools Threat Activity Top Tracked Viruses Virus Hoaxes Regional Virus Information Global Virus Map Virus Calendar Glossary

Disable Windows System Restore. Propagation The autorun.inf includes the name and path of the actual worm executable. When an infected media device (such as a CD, DVD or USB drive) is inserted into the computer, the autorun.inf and consequently the actual malicious program is automatically executed. this content On Windows Vista and 7: Insert the Windows CD into the CD-ROM drive and restart the computer.Click on "Repair Your Computer"When the System Recovery Options dialog comes up, choose the Command

Share the knowledge on our free discussion forum. What to do now To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. Back to Top View Virus Characteristics Virus Characteristics This is a Virus File PropertiesProperty ValuesMcAfee DetectionW32/Autorun.worm.genLength3328947 bytesMD583863cd66811770097c2943ff4b101d0SHA1ea221616c32cedd30e3be08b622c6033f8cb8208 Other Common Detection AliasesCompany NamesDetection NamesavastWin32:Downloader-FJSMicrosoftWorm:Win32/Colowned.ApandaW32/Autorun.KOJOther brands and names may be claimed They are often spread by a network or by transmission to a removable medium such as a removable disk, writable CD, or USB drive.

Disable Windows System Restore. Update your McAfee Anti-Virus product to the latest version (when possible), and ensure the latest DAT and Engine and any applicable EXTRA.DATs are installed. 3. For Home For Business For Partners Labs Home News News From the Labs Incidents Calendar Tools & Beta Tools & Beta Flashback Removal Database Updates Rescue CD Router Checker iOS Check Learn More About About Company News Investors Careers Offices Labs Labs Labs blog Latest threats Remove threats Submit a sample Beta programs Support Support Knowledge base Software updates Community Support Tools

Note The following Generic Detections: Worm:inf/Autorun.gen!A Worm:Inf/Hamweg.gen!A identify the autorun.inf files created by Autorun worms (and other families that use the same technique to propagate). Although many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Minimum Engine 5600.1067 File Length 215552 Description System Changes These are general defaults for typical path variables. (Although they may differ, these examples are common.): %WinDir% = \WINDOWS (Windows 9x/ME/XP/Vista), \WINNT (Windows NT/2000) %SystemDir% = \WINDOWS\SYSTEM (Windows 98/ME), Such files contain execution instructions for the operating system, so that when the removable drive is accessed from another computer supporting the Autorun feature, the malware is launched automatically.

On windows XP: Insert the Windows XP CD into the CD-ROM drive and restart the computer.When the "Welcome to Setup" screen appears, press R to start the Recovery Console.Select the Windows e.g. %WINDIR% = \WINDOWS (Windows 9x/ME/XP/Vista/7), \WINNT (Windows NT/2000) %PROGRAMFILES% = \Program Files The following files were analyzed: ea221616c32cedd30e3be08b622c6033f8cb8208 The following files have been added to the system: %APPDATA%\taskhost.exeC:\viewDrive.exe%TEMP%\viewdrive The following Top Follow:I want to...Get helpRemove difficult malwareAvoid tech support phone scamsSee and search the latest threatsFind answers to other problemsFix my softwareFix updates and solve other problemsSee common error codesDownload and It modifies the following registry entries to ensure that the package copy executes at each Windows start: In subkey: HKLM\Software\Microsoft\Windows\CurrentVersion\RunSets value: "Framework"With data: "\winmain.exe 6666" Spreads via...

On Windows Vista and 7: Insert the Windows CD into the CD-ROM drive and restart the computer.Click on "Repair Your Computer"When the System Recovery Options dialog comes up, choose the Command Get Expert Help McAfeeVirus Removal Service Connect to one of our Security Experts by phone. Could be used to launch a program on startup.Modifies winlogon configuration settings in registryEnumerates many system files and directories.No digital signature is present McAfee ScansScan DetectionsMcAfee BetaW32/Autorun.worm.genMcAfee SupportedW32/Autorun.worm.gen System Changes Some Indication of Infection This symptoms of this detection are the files, registry, and network communication referenced in the characteristics section.

e.g. %WINDIR% = \WINDOWS (Windows 9x/ME/XP/Vista/7), \WINNT (Windows NT/2000) %PROGRAMFILES% = \Program Files The following files were analyzed: 82F24DA4030F2A[private subnet]BA4C3BD85E067B8BA The following registry elements have been created: HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET ACCOUNT MANAGER\HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET ACCOUNT On windows XP: Insert the Windows XP CD into the CD-ROM drive and restart the computer.When the "Welcome to Setup" screen appears, press R to start the Recovery Console.Select the Windows Viruses may also spread by infecting files on a network file system or a file system that is shared by another computer.

All Users: Please use the following instructions for