Home / malware Worm:Win32/Autorun.WZ!inf
First posted on 01 June 2010.
Source: SecurityHomeAliases :
Worm:Win32/Autorun.WZ!inf is also known as Mal/AutoInf-A (Sophos), Worm.Win32.VB.bew (Kaspersky), Win32/AutoRun.VB.NJ (ESET), Trojan.Script.294647 (BitDefender).
Explanation :
Worm:Win32/Autorun.WZ!inf is detection for the Autorun configuration file "autorun.inf" dropped by Worm:Win32/Autorun.WZ, a worm that spreads via removable and network drives.
Top
Worm:Win32/Autorun.WZ!inf is detection for the Autorun configuration file "autorun.inf" dropped by Worm:Win32/Autorun.WZ, a worm that spreads via removable and network drives. Installation Worm:Win32/Autorun.WZ!inf is a component of Worm:Win32/Autorun.WA and is present as a file "autorun.inf" on infected removable and network drives. The "autorun.inf" file contains execution instructions for the operating system that are invoked when the drive is viewed using Windows Explorer on a computer with Autorun enabled, thus executing the copy of the worm. Worm:Win32/Autorun.WZ may be present on the local drive as the following file:%windir%\winlogon.exe Spreads Via€¦ Removable and network drives Worm:Win32/Autorun.WZ checks the infected computer for removable drives and network shares; if found, the malware copies itself to: <Drive:>\DrivesGuideInfo\autorun.exe <Drive:>\DrivesGuideInfo\S-1-7-21-1439977401-7444491467-600013330-9141\autorun.exe Worm:Win32/Autorun.WZ then writes an autorun configuration file named "autorun.inf" pointing to one of the files listed above. When the removable or networked drive is accessed from another computer supporting the Autorun feature, the malware is launched automatically. Additional InformationThe presence of Worm:Win32/Autorun.WZ!inf is an indication of the presence of Worm:Win32/Autorun.WZ. For more information about Worm:Win32/Autorun.WZ, see the description elsewhere in the encyclopedia. analysis by Wei LiLast update 01 June 2010
