
VirTool:INF/Autorun.gen!B


First posted on 19 April 2019.
Source: Microsoft

Aliases :

VirTool:INF/Autorun.gen!B is also known as Worm/Generic_c.ABJ, W32/Autorun.ISF.worm, INF.AutoRun.

Explanation :

Installation

VirTool:INF/Autorun.gen!B is installed by, and associated with, worms that spread by means of removable drive media. This Autorun configuration file is commonly found in the root of the infected removable media and contains text instructions that are executed when such media is first attached or inserted into the system and Autorun is enabled.

VirTool:INF/Autorun.gen!B mimics an automatically generated system file: when opened in a text editor, it suggests that none of its content should be changed.

Payload

Runs other files

When such media is first attached or inserted into the system and Autorun is enabled, INF/Autorun.gen!B runs an accompanying file named "program.exe", also located in the root of the removable drive.

VirTool:INF/Autorun.gen!B also changes the default double-click behavior for the removable drive and its icon, which is shown as a closed-folder icon, suggesting a double-click action to open it when viewed in Windows Explorer. If the drive is opened via a double-click (or by pressing the Enter key), the file "program.exe" is executed.

Analysis by Oleg Petrovsky
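A defender-side check for the file described above, as an added example that is not Microsoft's code or part of the original entry: it parses the text of an autorun.inf and reports the entries that run a file on insertion, redirect the drive's double-click action, or set a custom drive icon. The function names and the sample file contents are constructed for illustration; only the name "program.exe" comes from the entry.

```python
import re

# Keys in the [autorun] section that make Windows run a file when Autorun is enabled.
EXEC_KEYS = {"open", "shellexecute"}
SHELL_CMD = re.compile(r"^shell\\([^\\]+)\\command$", re.IGNORECASE)


def parse_autorun(text):
    """Return {key: value} for the [autorun] section, keys lower-cased."""
    entries, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment (e.g. a fake "do not edit" banner)
        if line.startswith("["):
            in_section = line.lower().startswith("[autorun]")
            continue
        if in_section and "=" in line:
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def findings(text):
    """List (reason, key, value) tuples for entries matching the behaviour above."""
    entries, out = parse_autorun(text), []
    for key, value in entries.items():
        if key in EXEC_KEYS:
            out.append(("runs file on insertion", key, value))
        elif SHELL_CMD.match(key):
            out.append(("shell verb runs file", key, value))
    # "shell=<verb>" makes that verb the default action for a double-click or Enter.
    default_verb = entries.get("shell")
    if default_verb and f"shell\\{default_verb.lower()}\\command" in entries:
        out.append(("double-click redirected to command", "shell", default_verb))
    if "icon" in entries:
        out.append(("custom drive icon", "icon", entries["icon"]))
    return out


# Constructed sample, not taken from a real specimen.
SAMPLE = """; Generated by the system. Do not modify.
[AutoRun]
open=program.exe
shell=open
shell\\open\\command=program.exe
icon=folder.ico
"""

if __name__ == "__main__":
    for item in findings(SAMPLE):
        print(item)
```
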

Last update 19 April 2019

 
