Aliases: Worm/AutoIt.xl.157 (Avira) Win32.HLLW.Autoruner.based (Dr.Web) Worm.Win32.Autoit.xl (Kaspersky) W32/Autorun.worm.zf.gen (McAfee) W32.Harakit (Symantec)
Worm:Win32/Renocide.gen!H is the detection for a worm that spreads via removable drives and mapped network shares. It attempts to download additional files from a remote server.
Recovering from recurring infections on a network
- Ensure that an antivirus product is installed on ALL computers connected to the network that can access or host shares.
- Ensure that all available network shares are scanned with an up-to-date antivirus product.
- Restrict permissions as appropriate for network shares on your network. For more information on simple access control, please see: http://technet.microsoft.com/library/bb456977.aspx.
- Remove any unnecessary network shares or mapped drives.
Additional remediation instructions for Win32/Renocide
Click Start and then click Run.
In the Open box, type regedit and then click OK.
Locate and then click on the following registry key:
On the right panel, right-click on the following registry entry:
Select Modify and then click OK.
In the "Value data:" entry box, edit the data such that it only contains the following:
Close Registry Editor.