W32/Saburex-A is a virus for the Windows platform.
W32/Saburex-A attempts to infect all files with extension EXE on all local fixed drives.
W32/Saburex-A will ignore any file in a folder with any of the following strings present:
"win"
"program files"
"documents and"
"_restore"
"music"
W32/Saburex-A is a virus for the Windows platform.
W32/Saburex-A attempts to infect all files with extension EXE on all local fixed drives.
W32/Saburex-A will ignore any file in a folder with any of the following strings present:
"win"
"program files"
"documents and"
"_restore"
"music"
W32/Saburex-A attempts to create the following files:
<Temp>\~DF1CD8.tmp - detected by W32/Saburex-A
<Temp>\001.bat - harmless, may be deleted
The virus may set the following registry entry, enabling it to run when any executable is run:
HKCU\Software\Classes\CLSID\{00021401-0000-0000-C000-000000000046}\InProcServer32
<default>
ole16.dll
HKCU\Software\Classes\CLSID\{00021401-0000-0000-C000-000000000046}\InProcServer32
ThreadingModel
both