high
Summary
Summary
Action- More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Characteristics |
|
| Protection available since | 24 January 2007 01:43:15 (GMT) |
| Last updated | 15 March 2007 06:40:39 (GMT) |
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing worms.
More Information
W32/Culler-A is a worm for the Windows platform that spreads via MSN Messenger.
W32/Culler-A includes functionality to access the internet and communicate with a remote server via HTTP.
W32/Culler-A attempts to terminate and disable various security software applications and Windows processes such as Task Manager, regedit and cmd.exe.
When first run, W32/Culler-A will display the following error message:
'Component "COMDLG32.OCX" or one of its dependencies no correctly registered a file is missing or invalid.'
It then copies itself to:
W32/Culler-A attempts to download and execute files from a remote location. At the time of writing, these files were unavailable for download.
The worm sets the following registry entries to run at system startup:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
AVantivirus
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Servicewin
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
System
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
WinService
W32/Culler-A sets the following registry entry:
HKCU\Software\VB and VBA Program Settings\SysUpdate\sistema
Marcar
1
|
