W32/Stration-BQ is a mass-mailing worm for the Windows platform.
W32/Stration-BQ includes functionality to download a file from a remote website and run it. At the time of writing, this downloaded file is also detected as W32/Strati-Gen.
Emails sent by the worm have the following characteristics:
Subject:
'Mail server report'
'picture'
'Mail Transaction Failed'
'Error'
'Status'
'hello'
Message text:
'The message contains Unicode characters and has been sent as a binary attachment'
'The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.'
'Mail transaction failed. Partial message is available.'
'Mail server report.
Our firewall determined the e-mails containing worm copies are being sent from your computer.
Nowadays it happens from many computers, because this is a new virus type (Network Worms).
Using the new bug in the Windows, these viruses infect the computer unnoticeably.
After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail addresses
Please install updates for worm elimination and your computer restoring.
Best regards,
Customers support service'
W32/Stration-BQ is a mass-mailing worm for the Windows platform.
When run W32/Stration-BQ copies itself to <Windows>\cserv32.exe. W32/Stration-BQ also creates the following files:
<Windows>\cserv32.dat - can be safely deleted
<Windows>\cserv32.s - can be safely deleted
<Windows>\cserv32.wax - can be safely deleted
<System>\e1.dll - detected as W32/Strati-Gen
The following registry entry is set to run W32/Stration-BQ on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
cserv32
<Windows>\cserv32.exe s
The following registry entry is also set to run <System>\e1.dll on startup:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs
e1.dll
W32/Stration-BQ includes functionality to download a file from a remote website and run it. At the time of writing, this downloaded file is also detected as W32/Strati-Gen.
Emails sent by the worm have the following characteristics:
Subject:
'Mail server report'
'picture'
'Mail Transaction Failed'
'Error'
'Status'
'hello'
Message text:
'The message contains Unicode characters and has been sent as a binary attachment'
'The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.'
'Mail transaction failed. Partial message is available.'
'Mail server report.
Our firewall determined the e-mails containing worm copies are being sent from your computer.
Nowadays it happens from many computers, because this is a new virus type (Network Worms).
Using the new bug in the Windows, these viruses infect the computer unnoticeably.
After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail addresses
Please install updates for worm elimination and your computer restoring.
Best regards,
Customers support service'