This malicious VBScript may arrive via network shares and removable drives. It may be downloaded unknowingly by a user when visiting malicious Web sites.
It drops copies of itself. It drops files/components.
It creates registry entries to enable its automatic execution at every system startup. It also creates and modifies registry key(s)/entry(ies) as part of its installation routine.
It drops copies of itself in network drives. It also drops copies of itself in all physical and removable drives. It drops an AUTORUN.INF file to automatically execute dropped copies when the drives are accessed.
This malicious VBScript displays the following message box at every system startup: 