Home / malware

PDF

Trojan.Autorun.ZG

First posted on 21 November 2011.
Source: BitDefender

Aliases :

There are no other names known for Trojan.Autorun.ZG.

Explanation :

This files enables worms and other type of malware to be executed at startup. Be aware that the mere presence of this file isn’t to be considered a threat because it may be used by legitimate software that need to be run on access (like the autorun software of a CD). The file is used as an alternative/complementary to the autorun registry keys created by the malware.



The file is placed in the root directory of a fixed or removable drive and contains the path to a worm that is to be executed on access. The presence of such a file with the corresponding malware on a removable drive causes the spreading of the malware to all the victims that the removable drive have been plugged in to, and used. Also, the presence of the infected file in the root of a fixed drive may cause the infection of all the removable drives that are used on that computer.

The worm(usbsysload.exe) is located in the recycle bin of the current drive and hides itself with the icon of a folder.

This behavior can be stopped by disabling the DriveAutorun feature from the registry keys. This will also mean that all the software which are using autorun will have to be started manually.

Last update 21 November 2011

 

TOP