If you haven’t already done so, you should patch a vulnerability which this virus exploits.

Virus Prepends Itself to Files With .exe Extensions

W32.Axon.B is a virus that prepends itself to files with the .exe extension. It also deletes files with .mp3 and .avi extensions.

Technical details are at this Symantec page.

Worm Exploits Microsoft Vulnerability

W32/Cycle.worm is a worm that spreads by exploiting a Microsoft Windows vulnerability [MS04-011 vulnerability (CAN-2003-0533)].

The worm copies itself to the Windows system directory as SVCHOST.EXE, for example:

%SysDir%\SVCHOST.EXE

It installs itself as a service (“Host Service”) on the victim machine:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Host Service

The service bears the following characteristics:
Display name: Host Service
Image path: %SysDir%\SVCHOST.EXE
Startup: automatic

A text file containing a political message is dropped to %WinDir% as CYCLONE.TXT:

%WinDir%\CYCLONE.TXT (3,316 bytes)

A side effect of the worm is that LSASS.EXE crashes; by default, such a system will reboot after the crash occurs.
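The indicators listed above (the "Host Service" service key with its values, and the 3,316-byte CYCLONE.TXT) can be checked offline against a registry export and a %WinDir% file listing. This is an added example, not code from the original post or from any vendor write-up; the function names and the sample export and listing (including the C:\WINDOWS path and the notepad.exe entry) are constructed assumptions.

```python
import re

# Indicators listed in the advisory text.
SERVICE_SUFFIX = "\\services\\host service"
DROPPED_FILE, DROPPED_SIZE = "cyclone.txt", 3316

def decode_value(raw):
    if raw.startswith('"'):                    # REG_SZ, backslashes doubled
        return raw[1:-1].replace("\\\\", "\\")
    if raw.startswith("dword:"):               # REG_DWORD
        return int(raw[6:], 16)
    if m := re.match(r"hex\([12]\):(.*)", raw):  # string kept as UTF-16LE bytes
        return bytes.fromhex(m.group(1).replace(",", "")).decode("utf-16-le").rstrip("\0")
    return raw

def parse_reg_export(text):
    """Parse regedit export text into {key_path: {value_name: value}}."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join hex continuation lines
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None and (m := re.match(r'"([^"]+)"=(.*)$', line)):
            current[m.group(1)] = decode_value(m.group(2))
    return keys

def check_host(reg_text, windir_listing):
    """Return which advisory indicators appear in a host's exported artifacts."""
    hits = []
    for path, vals in parse_reg_export(reg_text).items():
        if path.lower().endswith(SERVICE_SUFFIX):
            image = str(vals.get("ImagePath", ""))
            checks = {"display name": vals.get("DisplayName") == "Host Service",
                      "image path": re.search(r"\\svchost\.exe$", image, re.I),
                      "automatic start": vals.get("Start") == 2}  # 2 = automatic
            hits += ["service key"] + [name for name, ok in checks.items() if ok]
    sizes = {name.lower(): size for name, size in windir_listing.items()}
    if sizes.get(DROPPED_FILE) == DROPPED_SIZE:
        hits.append("dropped file")
    return hits

# Constructed sample artifacts (not taken from a real infected machine).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Host Service]
"DisplayName"="Host Service"
"ImagePath"="C:\\WINDOWS\\system32\\SVCHOST.EXE"
"Start"=dword:00000002
'''
SAMPLE_WINDIR = {"CYCLONE.TXT": 3316, "notepad.exe": 69120}
```

Calling `check_host(SAMPLE_REG, SAMPLE_WINDIR)` returns the list of matched indicators; an empty list means none of the advisory's indicators were found in the supplied artifacts.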

The following Microsoft update should be installed to be protected from the exploit used by this worm. See this Microsoft page.

This patch has been on the MS Windows Update site for some time. Everyone should ensure that their OS is fully updated.

David