Summary

| How it spreads | |
|---|---|
| Affected operating systems | Windows |
| Characteristics | |
| Protection available since | 26 April 2006 12:37:16 (GMT) |
| Last updated | 8 November 2006 13:21:42 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing worms.
Please contact technical support.
More Information
W32/Katomik-B is a worm for the Windows platform.
W32/Katomik-B spreads to other computers through network shares.
When first run, W32/Katomik-B copies itself to:
<Windows>\K-set.bmp
<System>\Caspian-x27.exe
<System>\mastoer32.dll
and creates the following files:
\@li-RNo.h.Html
\@li-Rno.H.Bmp
<System>\Micorsoft\rasmnpbs.dll
These html, bmp and Micorsoft\rasmnpbs.dll files are clean and can be deleted.
W32/Katomik-B may change the Desktop wallpaper to @li-Rno.H.Bmp which contains an introduction saying "My Name Is Caspian-X27".
The following registry entry is created to run Caspian-x27.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Caspian-x27
<System>\Caspian-x27.exe
The following registry entries are set, disabling the registry editor (regedit) and the Windows task manager (taskmgr):
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskMgr
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools
1
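
The files and registry values listed above can be checked for with a read-only PowerShell function. This is an added example, not part of the original Sophos analysis; the function name Get-KatomikArtifact is hypothetical. It assumes <Windows> is %SystemRoot% and <System> is %SystemRoot%\System32, and it also looks in SysWOW64 and WOW6432Node, where a 32-bit program's writes can land on 64-bit Windows.

```powershell
# Added example (not Sophos code): read-only check for the artifacts listed above.
# Assumptions: <Windows> = %SystemRoot%, <System> = %SystemRoot%\System32; SysWOW64 and
# WOW6432Node are included to cover 32-bit redirection on 64-bit Windows.
function Get-KatomikArtifact {
    $found = @()
    $sysDirs = 'System32', 'SysWOW64' | ForEach-Object { Join-Path $env:SystemRoot $_ }

    # Worm copies, plus the clean rasmnpbs.dll that the page says can be deleted.
    $files = @(Join-Path $env:SystemRoot 'K-set.bmp')
    foreach ($dir in $sysDirs) {
        foreach ($name in 'Caspian-x27.exe', 'mastoer32.dll', 'Micorsoft\rasmnpbs.dll') {
            $files += Join-Path $dir $name
        }
    }
    foreach ($f in $files) {
        if (Test-Path -LiteralPath $f) {
            $found += [pscustomobject]@{ Kind = 'File'; Location = $f; Data = 'present' }
        }
    }

    # Run-key persistence, in the native and the 32-bit registry view.
    $checks = @()
    foreach ($root in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\WOW6432Node') {
        $checks += @{ Path = "$root\Microsoft\Windows\CurrentVersion\Run"; ValueName = 'Caspian-x27' }
    }
    # The policy values are per-user, so inspect every loaded user hive, not only HKCU.
    $hives = Get-ChildItem -LiteralPath 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -notlike '*_Classes' }
    foreach ($hive in $hives) {
        $policy = "Registry::$($hive.Name)\Software\Microsoft\Windows\CurrentVersion\Policies\System"
        foreach ($v in 'DisableTaskMgr', 'DisableRegistryTools') {
            $checks += @{ Path = $policy; ValueName = $v }
        }
    }
    foreach ($c in $checks) {
        $item = Get-ItemProperty -LiteralPath $c.Path -Name $c.ValueName -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $found += [pscustomobject]@{
                Kind = 'Registry'; Location = "$($c.Path)\$($c.ValueName)"; Data = $item.($c.ValueName)
            }
        }
    }
    return $found
}

Get-KatomikArtifact | Format-Table -AutoSize
```

DisableTaskMgr and DisableRegistryTools can also be set by legitimate administrative policy, so a hit on those values alone is weaker evidence than the Caspian-x27 Run entry or the worm's files.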
