We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Worm:Win32/Autorun.TA
Aliases: Win32/Autorun.worm.102400.C (AhnLab) W32/Worm.ANCA (Command) Worm.AutoRun.VHZ (BitDefender) Win32/AutoRun.VB.DL (ESET) Worm.Win32.AutoRun.ajgm (Kaspersky) W32/Autorun.worm.aaj (McAfee) W32/Autorun.IZS (Panda) W32.SillyFDC (Symantec) Worm.AutoRun.SDL (VirusBuster)
Summary
To recreate a clean HOSTS file:
-
Click Start, and click Run.
-
Open the Hosts file, according to operating system:
On Windows 95, Windows 98, or Windows ME systems:
In the Open field, type: notepad %windir%\hosts
On Windows NT-based operating systems, such as Windows 2000 or Windows XP:
In the Open field, type: notepad<system folder>\drivers\etc\hosts
-- for example, on Windows 2000:
In the Open field, type: notepad C:\WINNT\system32\drivers\etc\hosts
-- or on Windows XP:
In the Open field, type: notepad C:\Windows\system32\drivers\etc\hosts
On Windows Vista:
Click Start, click All Programs, click Accessories, right-click Notepad, and then click Run as administrator
Click File, click Open, type: %windir%\system32\drivers\etc\hosts, and then click Open -
On the first line of the HOSTS file, type: 127.0.0.1 localhost as in the following example after modifying a default 'hosts' file:
-
Save the file to the same location you opened it from.
-
Close Notepad.
Recovering from recurring infections on a network
-
Ensure that an antivirus product is installed on ALL machines connected to the network that can access or host shares (see above for further detail).
-
Ensure that all available network shares are scanned with an up-to-date antivirus product.
-
Restrict permissions as appropriate for network shares on your network. For more information on simple access control, please see: http://technet.microsoft.com/library/bb456977.aspx.
-
Remove any unnecessary network shares or mapped drives.