W32/Autex.worm, Win32/HLLW.Autex, WORM_AUTEX.A, Worm/Autex, Win32/Autex.A
Win32.HLLW.Generic.60, Win32:Autex, [email protected]
, Worm Generic.LC, Worm/Autex.A
Category: Computer Worm
24 Sep 2005
Reports of infection indicate that the W32.Autex.C program makes use of mapped network drives in the infected computer system to spread its payload to other machines. There are also instances wherein this malware has been observed to initiate some forms of keystroke logging activities.
W32.Autex.C Removal Tool
If you have Malware on your computer it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Autex.C from your computer.
More details about W32.Autex.C
A W32.Autex.C program infected computer system would normally have traces of the 1.com, services.exe, finder.com, explorer.com, rundll32.com, exeroute.exe, command.pif, dxdiag.com, regedit.com, msconfig.com, iexplore.com, and iexplore.pif among others in the local hard drive. Although majority of these files look like legitimate Operating System processes, the clue to the W32.Autex.C infection is that these files are normally out of place. The Worm usually places these files in the C:\ Windows, Windows\ System, Program Files\ Internet Explorer, or Program Files\ Common Files directory folders and may have a different file size compared to the legitimate Windows processes. The key Torjan Program is likewise entered into the Windows Registry entries. The key points to the location of the services.exe file and are used to make sure that the W32.Autex.C is automatically loaded on system boot up or restart.
A corresponding Windows Registry key is also created for the other files associated with this malware. This will ensure that the infection is established in the host computer system. The Check_Associations key is also placed in the Windows Registry entry. By assigning the value YES to this key, the W32.Autex.C W32.Autex.C program will be able to scan the computer system for the presence of any mapped network drive where it can install the file autorun.inf. This will ensure that this Worm will be able to penetrate other computer systems in the network environment where the infected machine is connected to.