W32/Autorun-AWI

Category:	Viruses and Spyware	Protection available since:	02 Nov 2011 15:26:40 (GMT)
Type:	Win32 worm	Last Updated:	02 Nov 2011 15:26:40 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/Autorun-AWI is a worm for the Windows platform.

When first run, the worm copies itself to the following locations:

<System>\dns_cache.vbs
<Profile>\Templates\prn_share.vbs

The following registry entries are set to run the worm automatically:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
DnsCache
wscript.exe "C:\WINDOWS\System32\dns_cache.vbs"

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PrnShare
wscript.exe "C:\WINDOWS\System32\prn_share.vbs"

The worm creates a shortcut to itself in the Start Menu named "DNS Cache.lnk".

W32/Autorun-AWI copies itself to removable drives with the filename "ntv.vbs", and creates a shortcut to this copy named "Nude Teen Videos.lnk".

The worm changes the Internet Explorer homepage and sets the following registry entry:

HKCU\Software\Microsoft\Windows\CurrentFVersion\Policies\Explorer
NoDriveTypeAutoRun
0

Try Sophos products for free
Download now

W32/Autorun-AWI

Free Mac Anti-Virus

Popular topics