A standalone malicious program which uses computer or network resources to make complete copies of itself.
Based on the settings of your F-Secure security product, it will either move the file to the quarantine where it cannot spread or cause harm, or remove it.
Worm.Win32.AutoRun.noi creates a copy of itself as the following:
It creates the following registry key:
Note: The key is created for automatic execution when explorer.exe is launched.
It also drops two files into the root of available removable drives:
It then injects codes to explorer.exe.
The autorun.inf file is an autorun file of system.exe and contains the following strings:
Worm.Win32.AutoRun.noi attempts to retrieve information from:
The worm uses rootkit stealth techniques to hide its presence on the infected machine, including deleting its own installation file once the installation has been completed.
Date Created: 2008-10-17 11:32:14.0
Date Last Modified: 2008-10-17 12:29:43.0