Threat behavior
VirTool:INF/Autorun.gen!J is a generic detection for the "autorun.inf" configuration data files dropped by various worms, which perform automated actions associated with removable media drives.
Installation
VirTool:INF/Autorun.gen!J is installed and associated with worms that spread by means of removable media drives. This Autorun configuration file is commonly found in the root of the infected removable media drive, and contains text instructions which are executed when such media is first attached or inserted into the system and Autorun is enabled.
By using the action=Open folder to view files, the malware file is then executed whenever a user tries to open an infected drive.
Note: Action Key is one of the parameters in autorun.inf. Its main purpose is to specify the text that appears in the AutoPlay dialog for the handler representing the program specified in the open or shellexecute entry in the media’s autorun.inf file.
One such action is to open an executable named "SIUoN.eXE" when the drive is first initialized or accessed and Autorun is enabled.
Analysis by Wei Li
Prevention