Attention: We will be transitioning to a new AAD or Microsoft Entra ID from the week of May 20, 2024. In case your tenant requires admin consent, please refer to this document located at Overview of user and admin consent - Microsoft Entra ID | Microsoft Learn and grant access to App ID: 6ba09155-cb24-475b-b24f-b4e28fc74365 with graph permissions for Directory.Read.All and User.Read for continued access.
Send us feedback
Thank you for your feedback
We couldn't find the malware. Try searching for the malware you’ve encountered. If you opened this link from a Microsoft product, please
use the Feedback Hub app
to report the invalid URL.
We couldn't find the malware. We’ve returned search results instead. If you opened this link from a Microsoft product, please
use the Feedback Hub app
to report the invalid URL.
This is a detection for a file, called autorun.inf, that can be used by worms when they spread to local, network, or removable drives.
The file has instructions to launch the malware automatically when the removable drive is connected to a PC with the Autorun feature turned on.
This is a common way for malware to spread. However, autorun.inf files on their own are not necessarily a sign of infection; they are also used by legitimate programs.
See our infographic to the right which shows how these worms can spread.
VirTool:INF/Autorun.gen!J is a generic detection for the "autorun.inf" configuration data files dropped by various worms, which perform automated actions associated with removable media drives.
Worm:INF/Vobfus.gen is a generic detection for an obfuscated Autorun script file named "autorun.inf" that is dropped by variants of Win32/Vobfus, a worm that spreads via removable drives and downloads and executes arbitrary files. Detection of this script component is an indication of a Worm:Win32/Vobfus infection.
This threat is a worm, which means it spreads from PC to PC. This particular worm spreads by copying itself to mapped network or removable drives. If someone tries to open that drive from another PC, their PC will be infected.
This is a detection for a file, called autorun.inf, that can be used by worms when they spread to local, network, or removable drives.
The file has instructions to launch the malware automatically when the removable drive is connected to a PC with the Autorun feature turned on.
This is a common way for malware to spread. However, autorun.inf files on their own are not necessarily a sign of infection; they are also used by legitimate programs.
See our infographic to the right which shows how these worms can spread.
VirTool:INF/Autorun.gen!L is a detection for "autorun.inf" files that may be used by worms when spreading to local, network, or removable drives. When copying themselves to a drive, worms can create a file named "autorun.inf", which contains execution instructions for the operating system. When the drive is viewed using Windows Explorer, "autorun.inf" runs, thus executing the worm copy.
It should be noted that "autorun.inf" files on their own are not necessarily a sign of infection, as they are used by legitimate programs and installation CDs.
Worm:INF/Autorun.B is the detection for files with the name "autorun.inf" that may be used by worms when spreading to local, network, or removable drives. When the drive is viewed using Windows Explorer, "autorun.inf" may automatically run, thus running the worm copy.
VirTool:INF/Autorun.gen!S is a detection for "autorun.inf" files that may be used by worms when spreading to local, network, or removable drives. When copying themselves to a drive, worms can create a file named "autorun.inf", which contains execution instructions for the operating system. When the drive is viewed using Windows Explorer, "autorun.inf" runs, thus executing the worm copy.
It should be noted that "autorun.inf" files on their own are not necessarily a sign of infection, as they are used by legitimate programs and installation CDs.
VirTool:INF/Autorun.gen!H is a generic detection for the "autorun.inf" configuration data file that performs automated actions associated with removable media drives. One such action is to open an executable named "\BUMARA\darica.exe" when the drive is first connected or accessed and Autorun is enabled.
VirTool:INF/Autorun.gen!C is a detection for "autorun.inf" files that may be used by worms when spreading to local, network, or removable drives. When copying themselves to a drive, worms can create a file named "autorun.inf", which contains execution instructions for the operating system. When the drive is viewed using Windows Explorer, "autorun.inf" runs, thus executing the worm copy.
It should be noted that "autorun.inf" files on their own are not necessarily a sign of infection, as they are used by legitimate programs and installation CDs.
VirTool:INF/Autorun.gen!Q is a detection for "autorun.inf" files that may be used by worms when spreading to local, network, or removable drives. When copying themselves to a drive, worms can create a file named "autorun.inf", which contains execution instructions for the operating system. When the drive is viewed using Windows Explorer, "autorun.inf" runs, thus executing the worm copy.
It should be noted that "autorun.inf" files on their own are not necessarily a sign of infection, as they are used by legitimate programs and installation CDs.
VirTool:INF/Autorun.gen!W is a detection for "autorun.inf" files that may be used by worms when spreading to local, network, or removable drives. When copying themselves to a drive, worms can create a file named "autorun.inf", which contains execution instructions for the operating system. When the drive is viewed using Windows Explorer, "autorun.inf" runs, thus executing the worm copy.
It should be noted that "autorun.inf" files on their own are not necessarily a sign of infection, as they are used by legitimate programs and installation CDs.
The autorun.inffile is created by worms when they copy themselves to a local, network, or removable drive.
Some worms can spread to other PCs by infecting removable drives that you have plugged into your PC (such as USB drives or portable hard disks). If you plug those drives into another PC, the worm will infect that PC as well.
This is a common way for malware to spread. However, autorun.inf files on their own are not necessarily a sign of infection, they are also used by legitimate programs.
VirTool:INF/Autorun.gen!E is a detection for "autorun.inf" files that may be used by worms when spreading to local, network, or removable drives. When copying themselves to a drive, worms can create a file named "autorun.inf", which contains execution instructions for the operating system. When the drive is viewed using Windows Explorer, "autorun.inf" runs, thus executing the worm copy.
It should be noted that "autorun.inf" files on their own are not necessarily a sign of infection, as they are used by legitimate programs and installation CDs.
VirTool:INF/Autorun.gen!O is a detection for "autorun.inf" files that may be used by worms when spreading to local, network, or removable drives. When copying themselves to a drive, worms can create a file named "autorun.inf", which contains execution instructions for the operating system. When the drive is viewed using Windows Explorer, "autorun.inf" runs, thus executing the worm copy.
It should be noted that "autorun.inf" files on their own are not necessarily a sign of infection, as they are used by legitimate programs and installation CDs.
VirTool:INF/Autorun.gen!T is a generic detection for "autorun.inf" files that use suspicious actions or commands. It may be used by other malware to automatically launch related .EXE or executable files.
