McAfee has received multiple reports of corporate customers who are severely affected by variants of W32/autorun.worm.aaeb-h.



W32/Autorun.worm.aaeb-h has the ability to infect removable media devices and mounted network shares. It can also copy itself into .zip and .rar archive files.

The infection starts either with manual execution of an infected file or by navigating to a folder that contains infected files. This threat has the ability to download other malware or updates to itself as directed by a Command-and-Control (C&C) server.

This threat is server-side polymorphic, therefore there is potential for new variants. McAfee Labs are continuing to closely monitor the situation and will provide enhanced generic detection as needed.



Coverage for the majority of variants are in the current DAT update files, however McAfee have also released an additional Extra.DAT and Stinger to detect and clean this threat.

To download the Extra.DAT and Stinger, see KB76807:


For more information on McAfee product coverage and mitigation for this threat, see PD24169 - Threat Advisory: W32/Autorun.worm.aaeb: