Worm_Onlineg.DSO may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites.

Upon execution, this worm drops several component files, which Trend Micro detects as WORM_AUTORUN.ZU, TSPY_ONLINEG.NNW, WORM_AUTORUN.ZQ, WORM_NSANTI.FY.

This worm creates registry entry to enable its automatic execution at every system startup. It also modifies registry entries to hide files with both System and Read-only attributes.


It deletes itself after execution.

This worm drops copies of itself in all physical and removable drives. It also drops an AUTORUN.INF file to automatically execute its dropped copies when the said drives are accessed.

This worm downloads an updated copy of itself from certain URLs.

Technical details can be found at this Trend Micro page.