W32/Autorun-AK is a worm for the Windows platform.
W32/Autorun-AK includes functionality to connect to the internet and communicate with a remote server via HTTP.
W32/Autorun-AK may attempt to terminate certain anti-virus processes.
When first run, W32/Autorun-AK copies itself to:
<Root>\usdeiect.com
<System>\amvo.exe
and creates the following files:
<Temp>\a.dll
<Temp>\tecvt6.sys
<System>\amv0.dll
<Root>\autorun.inf
tecvt6.sys is detected as Mal/RootKit-A, amv0.dll is detected as Troj/Lineag-Gen, autorun.inf is detected as W32/SillyFDC-BT and a.dll is detected as W32/Autorun-AK.
W32/Autorun-AK creates the following registry entry to run itself on startup:
HKCU\Software\Microsoft\Windows\Currentversion\Run
amva
<System>\amvo.exe
W32/Autorun-AK spreads via removable shared drives by copying itself to <Root>\usdeiect.com (detected as W32/Autorun-AK) and creating the file <Root>\autorun.inf (detected as W32/SillyFDC-BT) that is designed to run the worm when the drive is connected to an uninfected computer.
W32/Autorun-AK sets the following registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Hidden
2
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ShowSuperHidden
0
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
CheckedValue
0
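A read-only host check for the files and registry values listed above, as an added PowerShell example that is not part of the original description. It assumes <System> means %SystemRoot%\System32, <Temp> the current user's %TEMP% and <Root> the root of each mounted file-system drive; Hidden=2 and ShowSuperHidden=0 are also common on clean systems, so the script labels them as context rather than as indicators.

```powershell
# Added example: reports artifacts named in the W32/Autorun-AK description. Changes nothing.
# Assumptions: <System> = %SystemRoot%\System32, <Temp> = current user's %TEMP%,
# <Root> = root of every mounted file-system drive.
$findings = @()

$paths = @(
    (Join-Path $env:SystemRoot 'System32\amvo.exe'),
    (Join-Path $env:SystemRoot 'System32\amv0.dll'),
    (Join-Path $env:TEMP 'a.dll'),
    (Join-Path $env:TEMP 'tecvt6.sys')
)
foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
    $paths += Join-Path $drive.Root 'usdeiect.com'
    # autorun.inf also exists on legitimate media: treat a hit as "review", not proof.
    $paths += Join-Path $drive.Root 'autorun.inf'
}
foreach ($p in $paths) {
    # Test-Path also sees hidden/system files, so the Explorer settings
    # checked below do not affect this test.
    if (Test-Path -LiteralPath $p -PathType Leaf) {
        $findings += [pscustomobject]@{ Kind = 'File'; Item = $p; Value = 'present'; Weight = 'review' }
    }
}

# Registry values from the description. Data = $null means "any data counts".
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$checks = @(
    @{ Key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'; Name = 'amva'; Data = $null; Weight = 'indicator' },
    @{ Key = "$adv\Folder\Hidden\SHOWALL" -replace '^HKCU', 'HKLM'; Name = 'CheckedValue'; Data = 0; Weight = 'indicator' },
    @{ Key = $adv; Name = 'Hidden'; Data = 2; Weight = 'context' },
    @{ Key = $adv; Name = 'ShowSuperHidden'; Data = 0; Weight = 'context' }
)
foreach ($c in $checks) {
    $prop = Get-ItemProperty -LiteralPath $c.Key -Name $c.Name -ErrorAction SilentlyContinue
    if ($null -eq $prop) { continue }          # key or value absent
    $value = $prop.($c.Name)
    if ($null -eq $c.Data -or $value -eq $c.Data) {
        $findings += [pscustomobject]@{
            Kind = 'Registry'; Item = "$($c.Key)\$($c.Name)"; Value = $value; Weight = $c.Weight
        }
    }
}

if ($findings.Count -eq 0) { 'No listed artifacts found.' }
else { $findings | Sort-Object Weight, Kind | Format-Table -AutoSize -Wrap }
```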