Windows Defender Antivirus detects and removes this threat.

 

This worm can modify system policies, delete files, and download other malware.

 

It can arrive on your PC attached to a spam email message, and install copies of itself in drives C: to H:, as well as in folders with certain names.

 

Find out ways that malware can get on your PC.  

Worm:Win32/Esfury.gen!A is a generic detection for a worm that spreads to all removable and network drives and connects to certain websites. The worm changes Internet Explorer's start page, as well as other system settings, that may lower the overall security of the computer.

Worm:Win32/Autorun.MB is a worm that copies itself to mapped drives and allows remote access from an attacker. The worm can spread to other computers by exploiting a vulnerability that is present in computers that have not applied Microsoft Security Bulletin MS02-045, a security update first published in 2002.

Virus:Win32/Autorun.NE is a virus that infects all Windows files and spreads by copying itself to the root of all drives.

Worm:Win32/Autorun.ZZ is a worm that spreads by copying itself to mapped network drives as a file named "klickmich1000.exe". The worm attempts to communicate with the remote server "lysclassic.dyndns.org".

Worm:Win32/Hilgild!gen.A is a worm that spreads via removable drives. It downloads additional files into your computer.

Worm:Win32/Taterf.DI!dll is a detection of the DLL component of a member of the Win32/Taterf family of malware. This family may spread via removable drives and downloads and executes additional malware from remote servers.

Worm:Win32/Dogkild.C is a worm that that spreads via removable drives. It  downloads and executes arbitrary files from a remote host. It has been designed to deliberately compromise particular System Restore hardware and software.

Worm:Win32/Slenping.X is a detection for a worm that spreads to other computers by copying itself to mapped and removable drives and via Instant chat applications MSN Messenger and AOL Messenger.

Worm:Win32/Emold.J is an encrypted executable with a file size of 41,472 bytes. It can spread via removable drives, be spammed to users as an e-mail attachment, or distributed from malicious Web sites. It is capable of downloading arbitrary files, including other malware, from a specific Web site.

Worm:Win32/Emold.K is an encrypted executable with a file size of 40,960 bytes. It can spread via removable drives, be spammed to users as an e-mail attachment, or distributed from malicious Web sites. It is capable of downloading arbitrary files, including other malware, from a specific Web site.

Win32/Taterf.DM is a worm that spread via mapped drives in order to steal login and account details for popular online games.

Worm:Win32/Rimecud.DP is a worm that spreads via removable drives, instant messaging and peer-to-peer file-sharing programs. It also contains backdoor functionality that allows unauthorized access to an affected computer.

Worm:Win32/Abfewsm.A is a worm that spreads by placing copies of itself in the folder used for files to be written into CDs. It is capable of modifying a variety of system services as well as disabling Control Panel and registry editors. It may also modify some firewall settings.

Windows Defender Antivirus detects and removes this threat.

This backdoor trojan can give a hacker remote access to your PC. Once your PC is infected a hacker can then do a number of things, including:

• Use your PC for distributed denial of service (DDoS) attacks
• Download other malware
• Open ports on your PC that can expose it to other attacks

This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

The Win32/Autorun family description has more details.

Worm:Win32/Nenebra.A is the detection for a worm that spreads through fixed and removable drives. It connects to remote FTP sites to download and execute additional malware components.

Backdoor:Win32/Rateven.A is a trojan that allows remote access and control. The trojan could allow a remote attacker to perform actions such as delete files, stop processes and send system information.

Worm:Win32/Doyoink.A is a worm that spreads via removable drives and attempts to restart the computer when the affected user opens a command prompt.