This detection is for a worm.
It attempts to spread to removable drives by creating an autorun.inf file, which will run the worm automatically, if a systems which use the removable drive are set to Autorun.

• This worm adds the following files and registry entries to load itself on startup.

Files:
c:\WINDOWS\system32\amvo.exe
c:\WINDOWS\system32\amvo0.dll

Registry:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
amva = C:\WINDOWS\System32\amvo.exe
 

• This worm changes the following registry values in attempt to change the windows explorer view settings

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
Hidden = 2

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
ShowSuperHidden = 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
CheckedValue = 0
 

• This worm also attempts to create an autorun.inf file on the root any accessible disk volumes.

[Drive]:\autorun.inf
 

• The autorun.inf will reference one of the following files that will also be written to the root of the volume.

(Additional filenames may be found in other variants of this worm)
[Drive]:\xn1i9x.com
[Drive]:\2ifetri.cmd
[Drive]:\x.com
[Drive]:\3wcxx91.cmd
[Drive]:\awda2.exe

This worm may be spread by its intented method of infected removable drives.

Alternatively this may be installed by visiting a malicious web page (either by clicking on a link, or by the website hosting a scripted exploit which installs the worm onto the user's system with no user interaction