high
Summary
Summary
Action- More Information
| Detected by | All Sophos products |
|---|---|
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing worms.
Please follow the instructions for removing W32/Deborm-Y.
More Information
W32/Deborm-Y is a network worm which searches for shares on the local IP subnet. If a share is found the worm may attempt to copy itself to one of the following folders in the shares so that it is executed every time the infected computer is restarted:
windows\start menu\programs\startup
documents and settings\all users\start menu\programs\startup
winnt\profiles\all users\start menu\programs\startup
W32/Deborm-Y may also add some of the following registry entries, containing the name of the worm file so that it is run each time Windows is started:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\
"LSASS" = "<full file pathname>"
"CSRSS" = "<full file pathname>"
"RPCSS" = "<full file pathname>"
"JDBGMGR" = "<full file pathname>"
"NAVSVC" = "<full file pathname>"
"Live Update" = "<full file pathname>"
"Task Manager" = "<full file pathname>"
"NAV Agent" = "<full file pathname>"
"Synchronization Manager" = "<full file pathname>"
"POINTER" = "<full file pathname>"
|
