We're gradually updating threat actor names in our reports to align with the new weather-themed taxonomy. Learn about Microsoft threat actor names
Worm:Win32/Autorun.TA
Aliases: Win32/Autorun.worm.102400.C (AhnLab) W32/Worm.ANCA (Command) Worm.AutoRun.VHZ (BitDefender) Win32/AutoRun.VB.DL (ESET) Worm.Win32.AutoRun.ajgm (Kaspersky) W32/Autorun.worm.aaj (McAfee) W32/Autorun.IZS (Panda) W32.SillyFDC (Symantec) Worm.AutoRun.SDL (VirusBuster)
Summary
To recreate a clean HOSTS file:
- Click Start, and click Run.
- Open the Hosts file, according to operating system:
On Windows 95, Windows 98, or Windows ME systems:
In the Open field, type: notepad %windir%\hosts
On Windows NT-based operating systems, such as Windows 2000 or Windows XP:
In the Open field, type: notepad<system folder>\drivers\etc\hosts
-- for example, on Windows 2000:
In the Open field, type: notepad C:\WINNT\system32\drivers\etc\hosts
-- or on Windows XP:
In the Open field, type: notepad C:\Windows\system32\drivers\etc\hosts
On Windows Vista:
Click Start, click All Programs, click Accessories, right-click Notepad, and then click Run as administrator
Click File, click Open, type: %windir%\system32\drivers\etc\hosts, and then click Open - On the first line of the HOSTS file, type: 127.0.0.1 localhost as in the following example after modifying a default 'hosts' file:
- Save the file to the same location you opened it from.
- Close Notepad.
Recovering from recurring infections on a network
- Ensure that an antivirus product is installed on ALL machines connected to the network that can access or host shares (see above for further detail).
- Ensure that all available network shares are scanned with an up-to-date antivirus product.
- Restrict permissions as appropriate for network shares on your network. For more information on simple access control, please see: http://technet.microsoft.com/library/bb456977.aspx.
- Remove any unnecessary network shares or mapped drives.