W32/Autorun-CY is a worm for the Windows platform.

When first run W32/Autorun-CY copies itself to:

Windows\setup.exe
System\OfficeExt.exe


The following registry entries are created to run OfficeExt.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows load
System\OfficeExt.exe

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows load
System\OfficeExt.exe

Registry entries are created under:

HKCU\Software\VB and VBA Program Settings\OfficePlus\settings

More information can be found at this Sophos page.