autorun*(that is, files that had the name autorun-something. apparently, the worm spreads via removable drives, and executes itelf using Windows Scripting Host. i'm not sure exactly what the payload (the actual damage caused by it other than being annoying) at any rate, disabling Windows Script Host is very easy if you have the right tools, or if you don't mind running around in the registry. i can't tell you exacty what registry key to modify other than
HKLM\Software\Microsoft\Windows ScriptHost\Settings\ (set both the Enabled and Remote values to 0). use Task Manager or any other process manager to kill any instances of Windows Script Host (wscript.exe) running, otherwise, cleaning the worm will be really difficult. Next, make sure that the worm doesn't start up with the system by searching for and deleting all intances of "autorun.bat" in the HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini key. Finally, at the console, run:
attrib -h -s -r autorun*and delete the files that appear if you have the default setting, which is to hide system and hidden files. if this doesn't make sense, post a comment. i'm falling asleep at my computer and i don't want it to drop off my lap. later then! oh, yeah - tools you can easily use to disable Windows Scripting include the excellent Xpy and AVG Antispyware. With Xpy, simply download, unzip and run the application. you'll see it under the 'General' settings. For AVG Antispyware, go to the Tools tab and expand Other services (or something like that; i don't have it installed for a number of reasons).