Worm:Win32/Autorun.PL is a worm that replicates itself as an executable file (.exe) to any removable drives that are connected to the victimized PC. Worm:Win32/Autorun.PL also makes changes to the system file 'explorer.exe'. Worm:Win32/Autorun.PL executes the modified system file 'explorer.exe' whenever you start Windows. By substituting the system file with its own copy, Worm:Win32/Autorun.PL assures that it is loaded whenever Windows is started. Once installed and activated, Worm:Win32/Autorun.PL downloads malevolent files and modifies the Windows Registry on the affected computer system. Worm:Win32/Autorun.PL uses a string of Chinese characters for the file name, which translates to 'cool picture.exe'. Worm:Win32/Autorun.PL may use this file name in an effort to trick victims into opening the file, so that it can start and carry out its installation on the infected computer system the drive is connected to.
File System Details
Detections: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
|5.||[system folder]\explorer.exe[15 RANDOM DIGITS]|
|6.||%windir%\explorer.exe[15 RANDOM DIGITS]|