Encyclopedia entry: Win32/Autorun - Learn more about malware - Microsoft Malware Protection Center

Microsoft


	Win32/Autorun (?) Encyclopedia entry Updated: Apr 29, 2013 \| Published: Feb 04, 2011 Aliases Not available Alert Level (?) Severe Antimalware protection details Microsoft recommends that you download the latest definitions to get protected. On this page Summary\|Symptoms\|Technical Information\|Prevention\|Recovery Summary Win32/Autorun is a family of worms that spreads by copying itself to the mapped drives of an infected computer. The mapped drives may include network or removable drives. Top Symptoms There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptoms. Top Technical Information (Analysis) Spreads via… Mapped drives When the worm run on your computer, it enumerates all drives of the computer until a mapped drive is found. The worm attempts to copy itself to the mapped drive. Worm:Win32/Autorun then writes an autorun configuration file named 'autorun.inf' pointing to the worm executable. When the removable or networked drive is accessed from a computer supporting the Autorun feature, the malware is launched automatically. Top Prevention Disable Autorun functionality This threat attempts to spread via removable drives on computers that support Autorun functionality. This is a particularly common method of spreading for many current malware families. For information on disabling Autorun functionality, please see the following article: http://support.microsoft.com/kb/967715/ Take these steps to help prevent infection on your computer. Top Recovery To detect and remove this threat and other malicious software that may be installed on your computer, run a full-system scan with an appropriate, up-to-date, security solution. The following Microsoft products detect and remove this threat: Microsoft Security Essentials or, for Windows 8, Windows Defender Microsoft Safety Scanner Recovering from recurring infections on a network The following additional steps may need to be taken to completely remove this threat from an infected network, and to stop infections from recurring from this and other similar types of network-spreading malware: Ensure that an antivirus product is installed on ALL computers connected to the network that can access or host shares. Ensure that all available network shares are scanned with an up-to-date antivirus product. Restrict permissions as appropriate for network shares on your network. For more information on simple access control, please see: http://technet.microsoft.com/library/bb456977.aspx. Remove any unnecessary network shares or mapped drives. Note: Additionally it may be necessary to temporarily change the permission on network shares to read-only until the disinfection process is complete. Top


	Provide feedback Please note: While your feedback is very important to us, we do not respond to individual submissions through this channel. Feedback, requests, or questions submitted through this form are monitored, however responses are not generated. If you require support, please visit the Safety & Security Center.