2/11: AutoRun-XF Worm Spreads Via Removable Shared Drives

W32/AutoRun-XF is a worm for the Windows platform.

When run W32/AutoRun-XF copies itself to System\uret463.exe and creates the file System\lhgjyit0.dll (also detected as W32/AutoRun-XF)

W32/AutoRun-XF spreads via removable shared drives by copying itself as Root\6o0.bat and creating the file Root\autorun.inf (also detected as W32/AutoRun-XF).

The following registry entry is set:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
dorfgwe
System\uret463.exe

More information can be found at this Sophos page.

Loading Comments...

Comment and Contribute

White Papers
eBooks

Discover a Sustainable Approach to Access Certification
Step-by-Step: The Do-It-Yourself Security Audit
A Pragmatic Approach to Role-Based Access Governance and HIPAA Compliance
Get an Overview of Access Governance
Access Governance Case Study — Cricket Communications
The Essentials of Enterprise Security

How do I secure my Android phone?
What are the top iPhone security apps?
What are the top Android security risks?
Are public Wi-Fi hotspots safe?
Is Firefox more secure than IE?
How can I protect my iOS device?
How do I secure my wireless network?

2/11: AutoRun-XF Worm Spreads Via Removable Shared Drives

W32/AutoRun-XF is a worm for the Windows platform.

Loading Comments...

Topic Centers

Articles by Type

Contact Us

More Security

2/11: AutoRun-XF Worm Spreads Via Removable Shared Drives

W32/AutoRun-XF is a worm for the Windows platform.

Loading Comments...

Most Recent Alerts Articles

Topic Centers

Articles by Type

Contact Us

More Security