WORM_AUTORUN.HCE
Kaspersky: Trojan.Win32.VB.afvv
Windows 2000, Windows XP, Windows Server 2003
Threat Type: Worm
Destructiveness: No
Encrypted: Yes
In the wild: Yes
OVERVIEW
Copies itself in all available physical drives, Propagates via removable drives
This worm uses the default Windows folder icon to trick users into opening the file. Double-clicking the file executes this malware.
TECHNICAL DETAILS
23,552 bytes
PE
Yes
15 Mar 2011
Installation
This worm uses the default Windows folder icon to trick users into opening the file. Double-clicking the file executes this malware.
Propagation
This worm searches for folders in all physical and removable drives then drops copies of itself inside the folder as {folder name}.EXE.
It drops the following copy of itself in all physical and removable drives:
- .exe
NOTES:
It sets the attribute of found folders to "Hidden" so that users are lured to click its dropped copy instead of the original folder.