W32/AutoRun-TD

Category: Viruses and SpywareProtection available since:06 Jan 2009 02:39:19 (GMT)
Type: Win32 wormLast Updated:06 Jan 2009 02:39:19 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/AutoRun-TD is a worm for the Windows platform.

When run W32/AutoRun-TD copies itself to <System>\mmvo.exe and sets the following registry entries:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
mmva
<System>\mmvo.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Hidden
2

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ShowSuperHidden
0

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
CheckedValue
0


W32/AutoRun-TD also creates the files:

<System>\mmvo0.dll - detected as Troj/Virtum-Gen
<System>\mmvo1.dll - detected as Troj/Virtum-Gen

W32/AutoRun-TD spreads via removable shared drives.