|W32.Gramos is a network-aware worm that downloads the Trojan proxy, Backdoor.Ranck.
It does the following:
Downloads the Trojan proxy, Backdoor.Ranck, from a hard-coded URL, copies it to C:\winnt\Mh.exe, and then executes it.
Registers itself as a service process on Windows 95/98/Me systems to hide itself from the task list.
Calculates a random IP address.
Enumerates the users on the remote server and then attempts to connect using these usernames with a blank password.
Copies itself to \\\c$\winnt\system32\Msgran.exe.
Remotely schedules a task to run the worm on the newly infected computer.
To remove it from autorun section, navigate to the key:
and delete the value:
Use antivirus (also check How To Remove section)Startup Optimizer to automatically remove it.