W32/GetCodec-A

Category	Viruses and Spyware
Type	Worm
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary

Summary
Action
More Information


Affected operating systems	Windows
Protection available since	17 July 2008 06:42:35 (GMT)
Last updated	14 October 2009 22:11:15 (GMT)
Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

Free virus, spyware, and adware scan
Test your existing anti-virus protection
Find threats your anti-virus missed

Action

Summary
Action
More Information

Please follow the instructions for removing worms.

More Information

Summary
Action
More Information

W32/GetCodec-A is a worm for the Windows platform.

When run, the worm sets the following registry entries:

HKCU\Software\Microsoft\PIMSRV\

HKCU\Software\Microsoft\MediaPlayer\Preferences\
URLAndExitCommandsEnabled
0

HKCU\Software\Microsoft\MediaPlayer\Player\Extensions\.mp3\
Permissions
33

The worm has the functionalities to:

- Search the infected computer for files with the extension of .mp3, .wmv, .wma .mp2 and .mp3
- Convert the located files to wma format without modifying the original filename and extension
- Insert the functionality to download code from a remote website into the converted wma format files.

Get reports about the latest virus and spyware threats delivered to your computer

In this section

Sophos blogs

W32/GetCodec-A

Summary

Action

More Information