W32/AutoRun-AZX is a worm for the Windows platform.
W32/AutoRun-AZX spreads by copying itself to a new sub-folder of removable drives with the filename flyhigh.exe. An Autorun.inf file is created in the root folder of the drive in an attempt to run flyhigh.exe when the drive is loaded. All of these files and folders have the hidden, system and read-only attributes set.
W32/AutoRun-AZX copies itself locally as follows:
<Temp>\temp<variable>.exe
<Temp>\temp<variable>.exe
<Current Folder>\flyhigh.exe
<Root>\RECYCLER\<user>\recycle.exe
<Root>\RECYCLER\<user>\recyclebin.exe
The following registry entries are created to run recyclebin.exe on startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
CurrentVersion
<Root>\RECYCLER\<user>\recyclebin.exe
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Taskman
<Root>\RECYCLER\<user>\recyclebin.exe
The following registry entry is changed to run recycle.exe and recyclebin.exe on startup:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
<Root>\RECYCLER\<user>\recycle.exe,explorer.exe,<Root>\RECYCLER\<user>\recyclebin.exe
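A defender can check a host for the registry entries listed above by scanning a `reg export` text dump. The following is an added example, not part of the original description. The function names, the `C:` drive letter and the SID-like folder name in the sample are constructed assumptions, and exported keys use the long hive names (HKEY_CURRENT_USER for HKCU, HKEY_LOCAL_MACHINE for HKLM).

```python
import re

# Constructed sample in "reg export" text form (not taken from a real host).
SAMPLE_REG = r'''
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CurrentVersion"="C:\\RECYCLER\\S-1-5-21-0000\\recyclebin.exe"
"OneDrive"="C:\\Program Files\\OneDrive\\OneDrive.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
"Taskman"="C:\\RECYCLER\\S-1-5-21-0000\\recyclebin.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="C:\\RECYCLER\\S-1-5-21-0000\\recycle.exe,explorer.exe,C:\\RECYCLER\\S-1-5-21-0000\\recyclebin.exe"
'''

# (key, value name) pairs from the description, lower-cased for comparison.
WATCHED = {
    (r"hkey_current_user\software\microsoft\windows\currentversion\run", "currentversion"),
    (r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon", "taskman"),
    (r"hkey_current_user\software\microsoft\windows nt\currentversion\winlogon", "shell"),
}
# <Root>\RECYCLER\<user>\recycle.exe or recyclebin.exe
DROPPED = re.compile(r"\\RECYCLER\\[^\\,]+\\recycle(?:bin)?\.exe$", re.I)

def parse_reg(text):
    """Yield (key, value name, data) for each string value in a .reg dump."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and (m := re.match(r'"([^"]+)"="(.*)"$', line)):
            yield key, m.group(1), m.group(2).replace("\\\\", "\\")

def find_hits(text):
    """Return watched values whose data points at the worm's RECYCLER copies."""
    hits = []
    for key, name, data in parse_reg(text):
        if (key.lower(), name.lower()) not in WATCHED:
            continue
        # Shell holds a comma-separated list; explorer.exe alone is legitimate.
        for part in data.split(","):
            if DROPPED.search(part.strip()):
                hits.append((key, name, part.strip()))
    return hits

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_REG):
        print(" | ".join(hit))
```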