high
Summary
Summary
Action- More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Characteristics |
|
| Protection available since | 22 December 2005 09:17:15 (GMT) |
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing worms.
More Information
W32/Bropia-U is a worm for the Windows platform.
W32/Bropia-U spreads via file sharing on P2P networks.
W32/Bropia-U includes functionality to access the internet and communicate with a remote server via HTTP.
When run, W32/Bropia-U copies itself to:
<Windows>\cgiagent.exe
<System>\cgiagent.exe
<System>\ngen\bot editor.exe
<System>\ngen\brute force.exe
<System>\ngen\brutus.exe
<System>\ngen\cc generator.exe
<System>\ngen\character editor.exe
<System>\ngen\credit card.exe
<System>\ngen\game editor.exe
<System>\ngen\icon editor.exe
<System>\ngen\intro.exe
<System>\ngen\microsoft keygen.exe
<System>\ngen\sub7 editor.exe
and creates the file <System>\fatpammy.exe. The file fatpammy.exe is detected by Sophos as W32/Bropia-U.
When run, W32/Bropia-U sets the following registry entries:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
CGI Firewall Script
CGIAGENT.EXE
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CGI Firewall Script
CGIAGENT.EXE
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Shell
explorer.exe cgiagent.exe
HKCU\Software\Kazaa\LocalContent
012345:
<System>\ngen
|
