Attention: We will be transitioning to a new AAD or Microsoft Entra ID from the week of May 20, 2024. In case your tenant requires admin consent, please refer to this document located at Overview of user and admin consent - Microsoft Entra ID | Microsoft Learn and grant access to App ID: 6ba09155-cb24-475b-b24f-b4e28fc74365 with graph permissions for Directory.Read.All and User.Read for continued access.
Send us feedback
Thank you for your feedback
We couldn't find the malware. Try searching for the malware you’ve encountered. If you opened this link from a Microsoft product, please
use the Feedback Hub app
to report the invalid URL.
We couldn't find the malware. We’ve returned search results instead. If you opened this link from a Microsoft product, please
use the Feedback Hub app
to report the invalid URL.
This threat is a worm, which means it spreads from PC to PC. This particular worm spreads by copying itself to mapped network or removable drives. If someone tries to open that drive from another PC, their PC will be infected.
Worm:Win32/Rimecud.A is a worm that spreads by copying itself to removable drives, messenger and peer-to-peer file sharing networks. It also contains backdoor functionality that allows unauthorized access and control of an affected machine. It is dropped and executed by TrojanDropper:Win32/Autorun.GR. In the wild, TrojanDropper:Win32/Autorun.GR has been distributed inside a ZIP archive called 'christmas.zip'.
Also detected as: Worm:Win32/Autorun.GR(Microsoft)
Worm:VBS/Autorun.BU is a worm that spreads by dropping copies of itself onto all available removable drives. It also modifies system security settings.
TrojanDropper:Win32/Autorun.GR is a trojan that drops a worm, Worm:Win32/Rimecud.A. In the wild, it has been distributed inside a ZIP archive called 'christmas.zip'.
Worm:Win32/Autorun.AAY is a worm that spreads by copying itself to removable and network drives. The worm attempts to connect to a remote server via TCP port 443.
Worm:Win32/Autorun.PI is a worm that spreads to other drives and could allow unauthorized access to an affected machine. This malware could be instructed by a remote attacker to download and execute arbitrary files.
Worm:Win32/Autorun.XGD is a worm - a self-propagating program that can spread itself from one computer to another. Worms may spread themselves via a variety of different channels in order to compromise new machines. Commonly, worms may spread directly by copying themselves to removable or network drives, or by attempting to exploit particular vulnerabilities on targeted machines. Worms also often attempt to spread via platforms that require user interaction in order to run. They may send themselves as an attachment to an email or an instant message, or send a link to a copy of themselves in the body of a message. In these cases the message needs to be convincing enough to encourage the victim to click on the link or attachment and run or download a copy of the worm.
Worm:Win32/Autorun.WA is a worm - a self-propagating program that can spread itself from one computer to another. Worms may spread themselves via a variety of different channels in order to compromise new machines. Commonly, worms may spread directly by copying themselves to removable or network drives, or by attempting to exploit particular vulnerabilities on targeted machines. Worms also often attempt to spread via platforms that require user interaction in order to run. They may send themselves as an attachment to an email or an instant message, or send a link to a copy of themselves in the body of a message. In these cases the message needs to be convincing enough to encourage the victim to click on the link or attachment and run or download a copy of the worm.
Worm:Win32/Autorun.WM is a worm - a self-propagating program that can spread itself from one computer to another. Worms may spread themselves via a variety of different channels in order to compromise new machines. Commonly, worms may spread directly by copying themselves to removable or network drives, or by attempting to exploit particular vulnerabilities on targeted machines. Worms also often attempt to spread via platforms that require user interaction in order to run. They may send themselves as an attachment to an email or an instant message, or send a link to a copy of themselves in the body of a message. In these cases the message needs to be convincing enough to encourage the victim to click on the link or attachment and run or download a copy of the worm.
Worm:Win32/Autorun.ADB is a worm - a self-propagating program that can spread itself from one computer to another. Worms may spread themselves via a variety of different channels in order to compromise new computers. Variants of Worm:Win32/Autorun usually spread using methods that include, but may not be limited to, copying themselves to removable or network drives, and placing an autorun.inf file in the root directory of each affected drive in an attempt to ensure that the worm is run when the removable drive is attached, or the network drive is visited from a remote system supporting the Autorun feature.
Worm:Win32/Autorun.ADC is a worm - a self-propagating program that can spread itself from one computer to another. Worms may spread themselves via a variety of different channels in order to compromise new computers. Variants of Worm:Win32/Autorun usually spread using methods that include, but may not be limited to, copying themselves to removable or network drives, and placing an autorun.inf file in the root directory of each affected drive in an attempt to ensure that the worm is run when the removable drive is attached, or the network drive is visited from a remote system supporting the Autorun feature.
Worm:Win32/Autorun.ADG is a worm - a self-propagating program that can spread itself from one computer to another. Worms may spread themselves via a variety of different channels in order to compromise new computers. Variants of Worm:Win32/Autorun usually spread using methods that include, but may not be limited to, copying themselves to removable or network drives, and placing an autorun.inf file in the root directory of each affected drive in an attempt to ensure that the worm is run when the removable drive is attached, or the network drive is visited from a remote system supporting the Autorun feature.
Worm:AutoIt/Autorun.DQ is a worm - a self-propagating program that can spread itself from one computer to another. Worms may spread themselves via a variety of different channels in order to compromise new machines. Commonly, worms may spread directly by copying themselves to removable or network drives, or by attempting to exploit particular vulnerabilities on targeted machines. Worms also often attempt to spread via platforms that require user interaction in order to run. They may send themselves as an attachment to an email or an instant message, or send a link to a copy of themselves in the body of a message. In these cases the message needs to be convincing enough to encourage the victim to click on the link or attachment and run or download a copy of the worm.
Worm:Win32/Autorun.ADF is a worm - a self-propagating program that can spread itself from one computer to another. Worms may spread themselves via a variety of different channels in order to compromise new computers. Variants of Worm:Win32/Autorun usually spread using methods that include, but may not be limited to, copying themselves to removable or network drives, and placing an autorun.inf file in the root directory of each affected drive in an attempt to ensure that the worm is run when the removable drive is attached, or the network drive is visited from a remote system supporting the Autorun feature.
VirTool:INF/Autorun.gen!AE is a generic detection for autorun.inf files that may be used by variants of the Win32/Vobfus family of worms when spreading to local, network or removable drives.
Worms of the Win32/Vobfus family download and run arbitrary files and the downloaded files may include additional malware.