Autorun worms are usually distributed as an executable (.EXE) file. The file may itself be a copy that was created by a prior worm infection, or it may have been dropped onto a computer or device as part of the payload of another harmful program, such as a trojan or exploit kit.
The executable file is usually saved to the root directory of a disk volume or drive on a computer, mobile device, or removable storage device such as a USB flash drive.
Autorun worms can also include a malicious payload, as they are often used to distribute other harmful programs such such as backdoor or trojans.
Variants of Autorun are worms that spread by copying themselves into the root directories of hard drives and other writable media such as USB memory sticks. It deletes important and useful programs, locks the Task Manager, and obtains administrator rights. It then fills up all remaining space with copies of itself.
This worm and variants create an autorun.inf file in root directories of drives.