ts main objective is to spread through USB devices.
Infection strategy
USBToy creates the following files:
* MSLOGON.EXE, in the Windows system directory. This file is a copy of the worm.
* AUTORUN.INF, in the USB device, if there is any.
* TOY.EXE, in the USB device, if there is any. This file is also a copy of the worm.
These two files remain hidden in the device.
* SYSTEMNT.EXE in the directory: C:\Documents and Settings\%user%\Start Menu\Programs\Startup
where %user% is the user that has logged in.
This way, this file will be run whenever Windows is started.
USBToy uses the Windows API (Application Programming Interface) called SetFileAttributesA in order to hide the files AUTORUN.INF and TOY.EXE and the subfolder STARTUP located in the directory: C:\Documents and Settings\%user%\Start Menu\Programs.
Means of transmission
USBToy spreads from computers to USB devices and vice versa. In order to do so, it follows the routine below:
* When it is run, USBToy checks if there is any USB device connected to the computer.
* If it finds any, USBToy will infect it by copying two files, which remain hidden, to the device.
* When the infected USB device is connected to other computer, this computer will be also infected by USBToy.
Further Details
USBToy is written in the programming language Visual C++ v6. This worm is 45,056 bytes in size.
You need to get your anti virus software running mate do a scan as its a malicious file