Overview of worm W32/Autorun-BHO also called W32/Visal-b (MS)

  • Article ID: 112024
  • Updated: 03 Mar 2011

Sophos detects this threat as W32/Autorun-BHO. For further information, please refer to:

Note the following:

  • The malware may also modify the following Registry key to load the rogue csrss.exe upon Windows startup:
  • W32/Autorun-BHO attempts to shut down anti-virus services (though not Sophos’ services) as well as usbguard.exe, cpe17AntiAutoruna.exe and outlook.exe. It also modifies hosts files.

More data about this threat can be found at SANS: http://isc.incidents.org/diary.html?storyid=9529
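
A triage check for two of the behaviours noted above (a rogue csrss.exe and modified hosts files), added here as an example and not part of the Sophos article. It assumes the genuine csrss.exe runs only from C:\Windows\System32; the function names are hypothetical and the process list and hosts content are constructed samples.

```python
import ntpath

# Assumption: Windows is installed in C:\Windows; change if %SystemRoot% differs.
SYSTEM32 = ntpath.normcase(r"C:\Windows\System32")
LOOPBACK = {"127.0.0.1", "::1"}

def rogue_csrss(processes):
    """Return (pid, path) for every csrss.exe image that is not in System32."""
    hits = []
    for pid, path in processes:
        if not path:  # image path can be unreadable without admin rights
            continue
        # Some tools report the NT object prefix in front of the drive letter.
        clean = path[4:] if path.startswith("\\??\\") else path
        norm = ntpath.normcase(ntpath.normpath(clean))
        if ntpath.basename(norm) == "csrss.exe" and ntpath.dirname(norm) != SYSTEM32:
            hits.append((pid, path))
    return hits

def hosts_overrides(hosts_text):
    """Return (ip, hostname) pairs other than the stock localhost entries."""
    found = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, tokenise
        if len(fields) < 2:
            continue
        ip, names = fields[0], fields[1:]
        for name in names:
            if not (ip in LOOPBACK and name.lower() == "localhost"):
                found.append((ip, name.lower()))
    return found

# Constructed sample data (not taken from an infected machine).
SAMPLE_PROCESSES = [
    (412, r"C:\Windows\System32\csrss.exe"),
    (468, "\\??\\C:\\Windows\\system32\\csrss.exe"),
    (2380, r"C:\Users\Public\csrss.exe"),
    (3012, r"C:\Windows\System32\svchost.exe"),
]
SAMPLE_HOSTS = """# constructed sample hosts file
127.0.0.1 localhost
::1 localhost
127.0.0.1 update.av-vendor.example   # added entry
"""

if __name__ == "__main__":
    print("csrss.exe outside System32:", rogue_csrss(SAMPLE_PROCESSES))
    print("non-default hosts entries:", hosts_overrides(SAMPLE_HOSTS))
```

Any hit is a lead for further inspection, not a verdict: hosts entries can be added legitimately by administrators or other software.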

If you need more information or guidance, then please contact technical support.
