Summary

| How it spreads | |
|---|---|
| Affected operating systems | Windows |
| Characteristics | |
| Protection available since | 22 February 2005 09:44:09 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing worms.
- To re-enable DCOM you can edit the registry, but it's better to use Dcomcnfg.exe. See Microsoft article 825750 for details.
- The HKLM\SYSTEM\CurrentControlSet\Control\Lsa\restrictanonymous = "1" setting does not allow enumeration of SAM accounts and names. The default is "0". It can be changed in Local Security Policy. See Microsoft article 246261 for details.
More Information
W32/Bropia-P is a worm for the Windows platform.
When first run, the W32/Bropia-P worm displays a pornographic image of a young woman. The image appears to be of the same woman as displayed by the W32/Bropia-O worm. The worm can also copy itself to the root folder as exe.exe.
[Image: the image displayed by the W32/Bropia-P worm.]
The worm monitors the status of MSN Messenger and sends a copy of itself to Messenger contacts.
W32/Bropia-P will also set the following registry entries:

HKLM\SOFTWARE\Microsoft\Ole
EnableDCOM = "N"

HKLM\SYSTEM\ControlSet001\Control\Lsa
restrictanonymous = "1"
W32/Bropia-P drops a file to the Windows system folder named winis.exe which is detected by Sophos's anti-virus products as W32/Rbot-WI.
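
A read-only check for the registry values and file names listed above, added here as an example and not part of the Sophos write-up. The function names are hypothetical, and it assumes that "root folder" means the root of the system drive and that the system folder may be either System32 or SysWOW64.

```powershell
# Added example: read-only triage for the W32/Bropia-P changes listed on this page.
# It modifies nothing; removal still follows the vendor's worm-removal instructions.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

function Test-BropiaPIndicator {
    $results = @()

    # Registry values the page says the worm sets. Compared as strings, because
    # restrictanonymous is normally a DWORD and EnableDCOM is text.
    $regChecks = @(
        @{ Path = 'HKLM:\SOFTWARE\Microsoft\Ole';                Name = 'EnableDCOM';        WormValue = 'N' },
        @{ Path = 'HKLM:\SYSTEM\ControlSet001\Control\Lsa';      Name = 'restrictanonymous'; WormValue = '1' },
        @{ Path = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa';  Name = 'restrictanonymous'; WormValue = '1' }
    )
    foreach ($c in $regChecks) {
        $observed = Get-RegValue -Path $c.Path -Name $c.Name
        $results += [pscustomobject]@{
            Indicator = "$($c.Path)\$($c.Name)"
            Observed  = $observed
            Match     = ($null -ne $observed) -and ("$observed" -eq $c.WormValue)
        }
    }

    # File names from the page. Assumptions: "root folder" is the system drive root,
    # and SysWOW64 is included because 32-bit writes are redirected there on 64-bit Windows.
    $fileChecks = @(
        (Join-Path ([Environment]::SystemDirectory) 'winis.exe'),
        (Join-Path $env:windir 'SysWOW64\winis.exe'),
        (Join-Path "$($env:SystemDrive)\" 'exe.exe')
    )
    foreach ($f in $fileChecks) {
        $present = Test-Path -LiteralPath $f -PathType Leaf
        $results += [pscustomobject]@{ Indicator = $f; Observed = $present; Match = $present }
    }
    return $results
}

# Either registry value can also be set deliberately by an administrator,
# so a registry match alone is a lead to investigate, not proof of infection.
Test-BropiaPIndicator | Format-Table -AutoSize -Wrap
```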


