W32/Dref-AO is a worm for the Windows platform.
When first run W32/Dref-AO copies itself to <Windows>\spooldr.exe and creates the file <System>\spooldr.sys.
W32/Dref-AO also infects the file tcpip.sys with a code that loads the Trojan driver spooldr.sys into memory and activates it. Spooldr.sys contains code to hide the presence of the dropped malicious files.
The files spooldr.sys and tcpip.sys are detected as
Troj/Dorf-M.