McAfee alert on W32/autorun.worm.aaeb-h worm [updated 28/11/12 @21:35 GMT+1]

W32/Autorun.worm.aaeb-h has the ability to infect removable media devices and mounted network shares. It can also copy itself into .zip and .rar archive files.

The infection starts either with manual execution of an infected file or by navigating to a folder that contains infected files. This threat has the ability to download other malware or updates to itself as directed by a Command-and-Control (C&C) server.

Mitigation
McAfee has released an Extra.DAT to detect and clean this threat. A new version of Stinger will be available later. McAfee will send another SNS notice when the Stinger is available.

To download the Extra.DAT and Stinger (when available), see KB76807:
https://kc.mcafee.com/corporate/index?page=content&id=KB76807

For more information on McAfee product coverage and mitigation for this threat, see PD24169 – Threat Advisory: W32/Autorun.worm.aaeb:
https://kc.mcafee.com/corporate/index?page=content&id=PD24169

*** UPDATE 21:35 ***

Download the latest stinger tool which can detect and remove this worm here:
https://kc.mcafee.com/resources/sites/MCAFEE/content/live/CORP_KNOWLEDGEBASE/76000/KB76807/en_US/stinger.zip

How to install an extra.dat file:

To apply the ExtraDAT locally:

  1. Click Start, Run, type services.msc, and click OK.
  2. Right-click the McAfee McShield service and select Stop.
  3. Copy the ExtraDAT file to the following location:
    32-bit installations     <installation drive>Program FilesCommon FilesMcAfeeEngine     64-bit installations     <installation drive>Program Files (x86)Common FilesMcAfeeEngine
  4. In the Services window, right-click McAfee McShield and select Start.
    The new detections in ExtraDAT will take effect after the McShield service has started.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.