Sophos

W32/Aegi-A


Summary

 
How it spreads
  • Infected files
Affected operating systems: Windows
Characteristics
  • Installs itself in the registry
Protection available since: 9 November 2004 14:11:30 (GMT)
Detected by: All Sophos products


More Information

W32/Aegi-A is a virus for the Windows platform. The virus infects EXE files and can spread to local hard disks and floppy drives.

When first run, W32/Aegi-A infects EXE files on local hard disks and floppy drives. The virus creates a copy of the original EXE file named <filename>.BAK. When this infected file is running, the virus creates a copy of the original file called <filenam_>.EXE.

W32/Aegi-A installs itself in the registry to run on startup by setting the following registry entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ExecLoader =
C:\Explorer.exe /exec

W32/Aegi-A can also create a backdoor on an infected computer to allow access to a remote attacker on port 3223. This attacker can issue commands to display messages or close windows on the compromised computer.

At certain times of the day, W32/Aegi-A will display a message box saying "Computer is very bored, play some music ?" If the user clicks Yes, the virus attempts to infect the local disk drives again.

Message box displayed by the W32/Aegi-A virus
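
The indicators described above (the ExecLoader Run value, a listener on port 3223, and .BAK copies beside EXE files) can be checked against collected `reg query` and `netstat -an` output. This is an added example, not Sophos code; the function names and sample data are constructed, and it assumes `<filename>.BAK` means the EXE's name with its extension replaced.

```python
import re
from pathlib import PureWindowsPath

# Indicators as given in the description above.
RUN_VALUE, RUN_DATA, BACKDOOR_PORT = "ExecLoader", r"C:\Explorer.exe /exec", 3223

def run_key_hit(reg_output):
    """Return the ExecLoader data from `reg query` output, or None if absent."""
    for line in reg_output.splitlines():
        m = re.match(r"^\s+(.+?)\s{2,}REG_\w+\s{2,}(.*)$", line)
        if m and m.group(1).lower() == RUN_VALUE.lower():
            return m.group(2).strip()
    return None

def bound_ports(netstat_output):
    """Ports with a TCP listener or a UDP binding in `netstat -an` output."""
    ports = set()
    for line in netstat_output.splitlines():
        f = line.upper().split()
        if len(f) >= 3 and (f[0] == "UDP" or (f[0] == "TCP" and f[3:4] == ["LISTENING"])):
            ports.add(int(f[1].rsplit(":", 1)[1]))
    return ports

def bak_siblings(paths):
    """EXE files with a same-name .BAK beside them (weak signal on its own)."""
    key = lambda p: str(PureWindowsPath(p).with_suffix("")).lower()
    baks = {key(p) for p in paths if p.lower().endswith(".bak")}
    return sorted(p for p in paths if p.lower().endswith(".exe") and key(p) in baks)

def triage(reg_output, netstat_output, paths):
    findings = []
    data = run_key_hit(reg_output)
    if data is not None:
        note = "" if data.lower() == RUN_DATA.lower() else " (data differs from description)"
        findings.append(f"Run value {RUN_VALUE} = {data}{note}")
    if BACKDOOR_PORT in bound_ports(netstat_output):
        findings.append(f"port {BACKDOOR_PORT} is bound")
    findings += [f"EXE with .BAK sibling: {p}" for p in bak_siblings(paths)]
    return findings

# Constructed sample input (not captured from a real host).
SAMPLE_REG = ("HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\n"
              "    Updater    REG_SZ    C:\\Program Files\\Example\\updater.exe\n"
              "    ExecLoader    REG_SZ    C:\\Explorer.exe /exec\n")
SAMPLE_NETSTAT = ("  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING\n"
                  "  TCP    0.0.0.0:3223           0.0.0.0:0              LISTENING\n"
                  "  TCP    10.0.0.5:49712         10.0.0.9:3223          ESTABLISHED\n")
SAMPLE_PATHS = [r"C:\Tools\notepad2.EXE", r"C:\Tools\notepad2.BAK", r"C:\Tools\calc.exe"]
print(*triage(SAMPLE_REG, SAMPLE_NETSTAT, SAMPLE_PATHS), sep="\n")
```

A .BAK file beside an EXE is common on clean systems, so treat that finding as supporting evidence only when the Run value or the bound port is also present.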
