JS_Autorun.AAF is JavaScript (JS) malware that may be downloaded from remote sites by other malware. It may be dropped by other malware. It may be downloaded unknowingly by a user when visiting malicious Web sites. It may be hosted on a Web site and run when a user accesses the said Web site.

It drops copies of itself.

It creates registry entries to enable its automatic execution at every system startup. It modifies registry entries to hide files with both System and Read-only attributes. It creates registry key(s)/entry(ies).


It drops copies of itself in all physical drives. It drops copies of itself in all removable drives. It drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed.

Technical details can be found at this Trend Micro page.