Sophos

W32/Looked-AB

Aliases
  • Trojan-PSW.Win32.Delf.qo
  • Win32/Viking.AT
  • W32/HLLP.Philis.ba
  • PE_LOOKED.FY-O
  • W32.Looked.P
Category
Type
What to do
Prevalence low high

Summary

 
How it spreads
  • Infected files
Affected operating systems Windows
Characteristics
  • Installs itself in the registry
Protection available since 30 September 2006 14:25:11 (GMT)
Detected by All Sophos products
Download Free virus scan
Download the Threat Detection Test
  • Free virus, spyware, and adware scan
  • Test your existing anti-virus protection
  • Find threats your anti-virus missed

Action

More Information

W32/Looked-AB is a virus for the Windows platform.

The virus infects EXE files found on the infected computer and attempts to spread to remote network shares with weak passwords.

When first run the virus copies itself to <Windows>\rundl132.exe and creates a file <Windows>\Dll.dll, also detected as W32/Looked-AB. This file attempts to download further executable code. W32/Looked-AB is a virus for the Windows platform.

The virus infects EXE files found on the infected computer and attempts to spread to remote network shares with weak passwords.

When first run the virus copies itself to <Windows>\rundl132.exe and creates a file <Windows>\Dll.dll, also detected as W32/Looked-AB. This file attempts to download further executable code.

The following registry entry is created to run rundl132.exe on startup:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
load
<Windows>\rundl132.exe

Many files with the name "_desktop.ini" are created, in various folders on the infected computer. These files are harmless text files.

RSS|Atom
Get reports about the latest virus and spyware threats delivered to your computer