Home / malware VirTool:INF/Vobfus.gen
First posted on 26 June 2013.
Source: MicrosoftAliases :
There are no other names known for VirTool:INF/Vobfus.gen.
Explanation :
When copying themselves to one of your drives, some variants of the Win32/Vobfus family may create a file named autorun.inf, detected as VirTool:INF/Vobfus.gen, which contains instructions for your computer's operating system. These instructions tell your computer to load the Vobfus worm when you access a drive.
The autorun.inf file will change the default opening behavior of the drive, so that instead of just opening the drive to look at the files inside, you might inadvertently tell the drive to run (much like what happens when you insert a CD into your computer and it automatically starts to install a program).
When the drive runs, it loads the Vobfus worm.
Note: autorun.inf files on their own are not necessarily a sign of infection, as they are used by legitimate programs and installation media.
The VirTool:INF/Vobfus.gen detection may be related to Win32/Vobfus. For more information, see the Win32/Vobfus entry.
Analysis by Hyun Choi
Last update 26 June 2013
