Autorun Worm W32/AutoRun-AVH

An article was posted at Sophos about an autorun worm.

The worm renames “Internet Explorer” to “Internet Exploiter” and it also fakes the content of the Startup folder. When a user with an infected machine checks out the Startup folder from the Start menu, he or she will see that it is “(Empty)”. However, by going to the properties of the startup folder, the properties window would show that it is not true. The folder shortcut actually points to an executable file, KHATRA.exe.

Source: Sophos

Join 16,500+ other happy readers and subscribe to Technibbles Email Digest and receive new posts sent directly to your inbox. All new signups get a copy of our Computer Technicians Quick Reference Guide free. Signup Now!

Your Blogmaster is Lee
Lee is a computer enthusiast and technology writer.

Other Blog posts by Lee