W32/Stration-NZ

Category:	Viruses and Spyware	Protection available since:	18 May 2007 00:00:00 (GMT)
Type:	Win32 worm	Last Updated:	18 May 2007 00:00:00 (GMT)
Prevalence:

Download our free Virus Removal Tool - Find and remove threats your antivirus missed

W32/Stration-NZ is a worm for the Windows platform which spreads via email.

W32/Stration-NZ is a worm for the Windows platform which spreads via email.

W32/Stration-NZ includes functionality to silently download, install and run new software.

When W32/Stration-NZ is installed the following files are created:

<System>\certmsje.dll
<System>\dpl1npwm.dat
<System>\dpl1npwm.dll
<System>\dpl1npwm.exe
<System>\psapuman.exe
<System>\psnppack.dll

The files certmsje.dll, psapuman.exe and psnppack.dll are detected as W32/Strati-Gen.

The following registry entries are created to run code exported by dpl1npwm.dll on startup:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dpl1npwm
DllName
<System>\dpl1npwm.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dpl1npwm
Startup
WlxStartupEvent

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dpl1npwm
Impersonate
0

Sophos's anti-virus products include Behavioral Genotype® Protection, which can proactively guard against new threats without requiring an update. Sophos customers have been protected against W32/Stration-NZ (detected as Mal/Packer) since version 4.10.

Try Sophos products for free
Download now

W32/Stration-NZ

Free Mac Anti-Virus

Popular topics