This worm may either be dropped or downloaded from remote sites by other malware.
Upon execution, it drops a copy of itself, a DLL component, and a non-malicious file in the system. It also creates a new folder.It modifies the system registry such that its automatic execution at every system startup is enabled. Also through system registry modification, it hides files with both
System and
Read-only attributes.
This worm propagates via physical and removable drives. It drops an
AUTORUN.INF file to automatically execute dropped copies when the drives are accessed.
As part of its routine, this worm drops
CRYP_XED-6 and
TSPY_ONLINEG.BWN as its components. As a result, malicious routines of the dropped files are exhibited on the affected system.
More...