W32/Sharp-A

Category: Viruses and Spyware Protection available since:01 Mar 2002 00:00:00 (GMT)
Type: Win32 executable file virus Last Updated:01 Mar 2002 00:00:00 (GMT)
Prevalence: No Reports

Download Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/Sharp-A is a virus that arrives in an email message with the following characteristics:

Subject: Important: Windows update
Message body: Hey, at work we are applying this update because it makes Windows over 50% faster and more secure. I thought I should forward it as you may like it.
Attachment: MS02-010.EXE

When W32/Sharp-A is executed it copies itself to C:\MS02-010.EXE and drops and executes sharp.vbs in the current directory. This file is detected as VBS/Sharp-A. The script sends the email described above to everyone in the Outlook address book.

If the virus detects the Microsoft .NET runtime, it drops and executes the file cs.exe in the Windows directory. This file infects .EXE files with W32/Sharp-A and creates the file sharp.vbs in the Windows startup folder. This file merely displays a message box with the title "Sharp" and the text:

"You're infected with Win32.HLLP.Sharp, written in C#, by Gigabyte/Metaphase"

Message box with title 'Sharp'

The virus also creates the registry key HKLM/Software/Sharp which contains the name of the viral file which was run.

download Try Sophos products for free
Download now

© 1997 - 2013 Sophos Ltd. All rights reserved. Legal Privacy Cookie Information