
VirTool:INF/Autorun.gen!AE


First posted on 14 July 2012.
Source: Microsoft

Aliases:

VirTool:INF/Autorun.gen!AE is also known as Mal/AutoInf-DD (Sophos), Trojan.AutorunINF.AY (BitDefender), Trojan.AutorunINF (Ikarus).

Explanation:



VirTool:INF/Autorun.gen!AE is a generic detection for autorun.inf files that may be used by variants of the Win32/Vobfus family of worms when spreading to local, network or removable drives.

Worms of the Win32/Vobfus family download and run arbitrary files and the downloaded files may include additional malware.



Installation

When copying themselves to one of your drives, some variants of the Win32/Vobfus family may create a file named autorun.inf, detected as VirTool:INF/Autorun.gen!AE, which contains instructions for your computer's operating system. These instructions are designed to load the Vobfus worm when you access a drive.



Payload

The autorun.inf file changes the default opening behaviour of the drive, so that instead of just opening the drive to look at the files inside, you inadvertently tell the drive to run (much like what happens when you insert a CD into your computer and it automatically starts to install a program).

When the drive runs, it loads the Vobfus worm.

Additional information

It should be noted that autorun.inf files on their own are not necessarily a sign of infection, as they are used by legitimate programs and installation media.
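The following triage sketch is an added example, not part of the Microsoft entry. It parses an autorun.inf file and lists the entries that run a program or change the drive's default action, so an analyst can review what they point to. The sample contents and file names are constructed placeholders.

```python
import re

# Documented [autorun] entries that start a program. Entries such as
# icon= and label= only change how the drive is displayed.
RUN_KEYS = {"open", "shellexecute"}
VERB_COMMAND = re.compile(r"^shell\\[^\\]+\\command$")  # shell\<verb>\command

def parse_autorun(text):
    """Return the [autorun] section as {key: value}, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):      # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].strip().lower() == "autorun"
            continue
        if in_section and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip().lower()] = value.strip()
    return entries

def triage(text):
    """List entries that run a program or change the drive's default action."""
    findings = []
    for key, value in parse_autorun(text).items():
        if key in RUN_KEYS or VERB_COMMAND.match(key) or key == "shell":
            findings.append((key, value))
    return findings

# Constructed samples; file names are placeholders.
DISPLAY_ONLY = "[autorun]\nicon=disc.ico\nlabel=Backup Disc\n"
CHANGES_DEFAULT = r"""
; constructed sample
[AutoRun]
Open=placeholder.exe
shell\open\Command=placeholder.exe
shell=open
icon=folder.ico
"""

if __name__ == "__main__":
    for name, sample in (("DISPLAY_ONLY", DISPLAY_ONLY),
                         ("CHANGES_DEFAULT", CHANGES_DEFAULT)):
        print(name, triage(sample))
```

A non-empty result is a prompt to inspect the referenced file rather than a verdict, because legitimate installation media use the same entries.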

The VirTool:INF/Autorun.gen!AE detection may be related to Worm:Win32/Vobfus.EQ. For more information, see the Worm:Win32/Vobfus.EQ entry.

Related encyclopedia entries

Win32/Vobfus

Worm:Win32/Vobfus.EQ



Analysis by Edgardo Diaz

Last update 14 July 2012

 
