Worm:Win32/Autorun.PL
Worm:Win32/Autorun.PL is a worm that replicates itself as an executable file (.exe) to any removable drives that are connected to the victimized PC. Worm:Win32/Autorun.PL also makes changes to the system file 'explorer.exe'. Worm:Win32/Autorun.PL executes the modified system file 'explorer.exe' whenever you start Windows. By substituting the system file with its own copy, Worm:Win32/Autorun.PL assures that it is loaded whenever Windows is started. Once installed and activated, Worm:Win32/Autorun.PL downloads malevolent files and modifies the Windows Registry on the affected computer system. Worm:Win32/Autorun.PL uses a string of Chinese characters for the file name, which translates to 'cool picture.exe'. Worm:Win32/Autorun.PL may use this file name in an effort to trick victims into opening the file, so that it can start and carry out its installation on the infected computer system the drive is connected to.
File System Details
| # | File Name |
Detections
Detections: The number of confirmed and suspected cases of a particular threat detected on
infected computers as reported by SpyHunter.
|
|---|---|---|
| 1. | [Chinese characters].exe | |
| 2. | [system folder]\services.exe | |
| 3. | [system folder]\sysanalysis.exe | |
| 4. | Mourn_Operator.exe | |
| 5. | [system folder]\explorer.exe[15 RANDOM DIGITS] | |
| 6. | %windir%\explorer.exe[15 RANDOM DIGITS] |
Submit Comment
Please DO NOT use this comment system for support or billing questions. For SpyHunter technical support requests, please contact our technical support team directly by opening a customer support ticket via your SpyHunter. For billing issues, please refer to our "Billing Questions or Problems?" page. For general inquiries (complaints, legal, press, marketing, copyright), visit our "Inquiries and Feedback" page.