W32/Looked-DR is a virus and network worm for the Windows platform.
W32/Looked-DR infects files found on the local computer. W32/Looked-DR also copies itself to remote network shares and may infect files found on those shares.
W32/Looked-DR includes functionality to access the internet and communicate with a remote server via HTTP. W32/Looked-DR may attempt to download and execute additional files from a remote location.
When W32/Looked-DR is installed, the following files are created:
<Windows>\Logo1_.exe
<Windows>\uninstall\rundl132.exe
The files Logo1_.exe and rundl132.exe are detected as Mal/Behav-085.
The following registry entry is created to run rundl132.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
load
<Windows>\uninstall\rundl132.exe
Sophos's anti-virus products include Behavioral Genotype® Protection, which can proactively guard against new threats without requiring an update. Sophos customers have been protected against W32/Looked-DR (detected as Mal/Behav-085) since version 4.14.
W32/Looked-DR may also create many files with the name "_desktop.ini" in various folders on the infected computer. These files are harmless text files and can be deleted.
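The artifacts listed above can be checked on a host with a short script. This is an added example, not part of the original description or any Sophos tooling; it assumes the <Windows> placeholder is the folder in $env:windir, also checks the 32-bit registry view used on 64-bit Windows, and takes a hypothetical -ScanRoot parameter for the "_desktop.ini" search.

```powershell
# Added example: checks a host for the artifacts named in this description.
# Assumption: the page's <Windows> placeholder is the folder in $env:windir.
param(
    [string]$ScanRoot = "$env:SystemDrive\"   # hypothetical parameter: where to look for _desktop.ini
)

$findings = @()

# 1. Dropped files named in the description
$droppedFiles = @(
    (Join-Path $env:windir 'Logo1_.exe'),
    (Join-Path $env:windir 'uninstall\rundl132.exe')
)
foreach ($path in $droppedFiles) {
    if (Test-Path -LiteralPath $path -PathType Leaf) {
        # Record the hash so the sample can be matched across hosts
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        $findings += [pscustomobject]@{ Type = 'File'; Item = $path; Detail = "SHA256 $hash" }
    }
}

# 2. Run-key value "load" pointing at rundl132.exe.
#    The WOW6432Node path is the view a 32-bit process sees on 64-bit Windows.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    $run = Get-ItemProperty -Path $key -Name 'load' -ErrorAction SilentlyContinue
    if ($run -and $run.load -like '*rundl132.exe*') {
        $findings += [pscustomobject]@{ Type = 'Registry'; Item = "$key\load"; Detail = $run.load }
    }
}

# 3. "_desktop.ini" files (-Force so hidden or system files are included)
Get-ChildItem -LiteralPath $ScanRoot -Filter '_desktop.ini' -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $findings += [pscustomobject]@{ Type = 'Marker'; Item = $_.FullName; Detail = "$($_.Length) bytes" }
    }

if ($findings.Count -eq 0) {
    'No artifacts from the W32/Looked-DR description were found.'
} else {
    $findings | Format-Table -AutoSize -Wrap
}
```

Run it from an elevated prompt so protected folders under the scan root are readable; the script only reports and does not delete or change anything.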