My Bitdefender
  • 0 Shopping Cart

SHARE
THIS ON

Facebook Twitter Google Plus

Trojan.Autorun.ZG

MEDIUM
LOW
variable

Symptoms

The presence of a file named autorun.inf in the root of fixed/mobile drives (hard disks partitions, USB pen drives etc.) and the strange behavior of the computer.

Removal instructions:

Please let BitDefender disinfect your files.

Analyzed By

Cristian Lungu, virus researcher

Technical Description:

This files enables worms and other type of malware to be executed at startup. Be aware that the mere presence of this file isn’t to be considered a threat because it may be used by legitimate software that need to be run on access (like the autorun software of a CD). The file is used as an alternative/complementary to the autorun registry keys created by the malware.

The file is placed in the root directory of a fixed or removable drive and contains the path to a worm that is to be executed on access. The presence of such a file with the corresponding malware on a removable drive causes the spreading of the malware to all the victims that the removable drive have been plugged in to, and used. Also, the presence of the infected file in the root of a fixed drive may cause the infection of all the removable drives that are used on that computer.

The worm(usbsysload.exe) is located in the recycle bin of the current drive and hides itself with the icon of a folder.

This behavior can be stopped by disabling the DriveAutorun feature from the registry keys. This will also mean that all the software which are using autorun will have to be started manually.