PCBugSquad

Description:

W32/AutoRun-ZX is a removable media worm that spreads by infecting devices such as flash drives, external hard drives, and other removable media.  Once an infected media is inserted into a clean machine, the clean computer will autplay the media and infect itself.

Once infected, the worm will create the file C:\RESTORE\k-1-3542-4232123213-7676767-8888886\Ogard.exe.  It will then create the follow registry key to start itself automatically:

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{67KLN5J0-4OPM-00WE-AAX5-77EF1D187322}

Manual Removal Instructions for W32/AutoRun-ZX

End these processes if they exist:
Learn how to end processes

Ogard.exe

Delete these files if they exist:
Lean how to remove files

C:\RESTORE\k-1-3542-4232123213-7676767-8888886\Ogard.exe

Remove these Registry keys if they exist:
Learn how to remove Windows Registry entries

Warning: Editing the Windows Registry incorrectly can cause problems with your computer that may cause it not to operate correctly.  Please edit the Registry only if you know what you are doing.

HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{67KLN5J0-4OPM-00WE-AAX5-77EF1D187322}

This entry was posted on Monday, March 9th, 2009 at 8:21 am and is filed under Rogue Anti-Spyware, Worms. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.