Home / malware Worm:Win32/Rorpian.E!inf
First posted on 13 April 2019.
Source: MicrosoftAliases :
Worm:Win32/Rorpian.E!inf is also known as IS/Autorun.IE, INF/SillyAutorun.EYI, W32/AutoInf-BO, INF.AutoRun.
Explanation :
Worm:Win32/Rorpian.E!inf is the detection for the file "autorun.inf", which is created by variants of Worm:Win32/Rorpian. When placed in a network or removable drive where AutoRun is enabled, it overrides the Open and Explore options on the right-click menu of the drive to run a component of Worm:Win32/Rorpian named "setup.fon". Additional InformationFiles with extension .FON are executable, but not by double-clicking in Windows Explorer. The worm component "autorun.inf" uses "rundll32.exe" to launch the .FON file. Analysis by Chris Stubbs
Last update 13 April 2019
