W32/AutoInf-AB

Category: Viruses and Spyware
Protection available since: 04 Dec 2009 14:10:48 (GMT)
Type: Win32 worm
Last Updated: 04 Dec 2009 14:10:48 (GMT)
Prevalence: Small Number of Reports

W32/AutoInf-AB is a worm for the Windows platform.

W32/AutoInf-AB spreads by copying itself to removable storage devices and creating the file autorun.inf.

When W32/AutoInf-AB is installed it creates the file <Windows>\sysdiag64.exe.

The following registry entries are created to run sysdiag64.exe on startup:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
MicrosoftCorp
<Windows>\sysdiag64.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
MicrosoftNAPC
<Windows>\sysdiag64.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
sysdiag64.exe
<Windows>\sysdiag64.exe
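
One way to check a host for the indicators listed above, as an added PowerShell example that is not part of the original description. It assumes `<Windows>` resolves to `$env:windir`, inspects only the current user's HKCU hive, and treats any autorun.inf on a removable drive as something to review rather than proof of infection.

```powershell
# Added example: look for the W32/AutoInf-AB indicators listed on this page.
$fileName = 'sysdiag64.exe'

# Run keys and value names as given in the description.
$runKeys = @(
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'; Name = 'MicrosoftCorp' },
    @{ Path = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run';                   Name = 'MicrosoftNAPC' },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run';                   Name = 'sysdiag64.exe' }
)

$findings = @()

foreach ($k in $runKeys) {
    if (-not (Test-Path -LiteralPath $k.Path)) { continue }   # key may not exist on a clean host
    $key = Get-Item -LiteralPath $k.Path
    foreach ($valueName in $key.GetValueNames()) {
        $data = [string]$key.GetValue($valueName)
        # Flag the listed value name, or any other value whose data points at the dropped file.
        if ($valueName -eq $k.Name -or $data -like "*\$fileName*") {
            $findings += [pscustomobject]@{ Type = 'RunValue'; Location = "$($k.Path)\$valueName"; Detail = $data }
        }
    }
}

# Dropped file; assumption: <Windows> is the directory in $env:windir.
$dropped = Join-Path $env:windir $fileName
if (Test-Path -LiteralPath $dropped) {
    $hash = (Get-FileHash -LiteralPath $dropped -Algorithm SHA256).Hash
    $findings += [pscustomobject]@{ Type = 'File'; Location = $dropped; Detail = "SHA256 $hash" }
}

# Removable drives (DriveType 2) carrying an autorun.inf in their root.
foreach ($disk in Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType=2') {
    $inf = Join-Path ($disk.DeviceID + '\') 'autorun.inf'
    if (Test-Path -LiteralPath $inf) {
        $findings += [pscustomobject]@{ Type = 'AutorunInf'; Location = $inf; Detail = 'review contents' }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize -Wrap
} else {
    'None of the W32/AutoInf-AB indicators listed on this page were found.'
}
```

Run it from an elevated session so the HKLM keys and the Windows directory are readable; other users' HKCU hives need to be checked per profile.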