W32/Floppy-E

Category: Viruses and Spyware Protection available since:10 Jan 2006 00:00:00 (GMT)
Type: Win32 worm Last Updated:10 Jan 2006 00:00:00 (GMT)
Prevalence: Small Number of Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/Floppy-E is a worm for the Windows platform.

W32/Floppy-E spreads via file sharing on Peer-to-peer networks. W32/Floppy-E is a worm for the Windows platform.

W32/Floppy-E spreads via file sharing on Peer-to-peer networks.

When first run W32/Floppy-E copies itself to:
<Windows>\calc.exe
<Windows>\config_.com
<Windows>\mscalc.exe
<Windows>\windows.exe
<Windows>\winnt.exe
<Windows>\config_.com
<User>\Recent\New Folder.exe
<User>\SendTo\New Folder.exe
<Startup>\startupFolder.com
<system>\calc.exe
<System drive>\new folder.exe

In addition to the above list, W32/Floppy-E will also create a copy of itself as an EXE file named the same as the parent folder in sub-folders of:

<Program Files>
<User>\Nethood\
<System drive>

Note that all sub-folders of the above locations will be used even if the parent folder has the hidden or system attributes.

W32/Floppy-E will create the file <system drive>\autorun.inf.

W32/Floppy-E will create a copy of itself in the root of all removable drives along with the file autorun.inf to run the replicant upon insertion / connection.

W32/Floppy-E creates the following registry entry to run a copy of itself at startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Explorer5
<Windows>\config_.com

download Try Sophos products for free
Download now

© 1997 - 2012 Sophos Ltd. All rights reserved. Legal Privacy