2/10: AutoRun-XA Worm Spreads Via Removable Shared Drives

W32/AutoRun-XA is a worm for the Windows platform.

When run W32/AutoRun-XA copies itself to System\(original name of worm) and sets the following registry entries:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows open
System\(original name of worm)

W32/AutoRun-XA spreads via removable shared drives by copying itself as (Root)\HiBestfriendThisIsMyPictureWhenIwasOnthebeach.exe and creating the file (Root)\autorun.inf (also detected as W32/AutoRun-XA).

W32/AutoRun-XA also creates the files
Root\HelloPhilippines.txt
System\HelloPhilippines.txt

These files are not malicious and can be safely removed.

More information can be found at this Sophos page.

Loading Comments...

Comment and Contribute

White Papers
eBooks

Discover a Sustainable Approach to Access Certification
Step-by-Step: The Do-It-Yourself Security Audit
A Pragmatic Approach to Role-Based Access Governance and HIPAA Compliance
Get an Overview of Access Governance
Access Governance Case Study — Cricket Communications
The Essentials of Enterprise Security

How do I secure my Android phone?
What are the top iPhone security apps?
What are the top Android security risks?
Are public Wi-Fi hotspots safe?
Is Firefox more secure than IE?
How can I protect my iOS device?
How do I secure my wireless network?

2/10: AutoRun-XA Worm Spreads Via Removable Shared Drives

W32/AutoRun-XA is a worm for the Windows platform.

Loading Comments...

Topic Centers

Articles by Type

Contact Us

More Security

2/10: AutoRun-XA Worm Spreads Via Removable Shared Drives

W32/AutoRun-XA is a worm for the Windows platform.

Loading Comments...

Most Recent Alerts Articles

Topic Centers

Articles by Type

Contact Us

More Security