W32/Looked-AI

Aliases	Worm.Win32.Viking.an Win32/Viking.AZ PE_LOOKED.GP
Category	Viruses and Spyware
Type	Virus
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary


How it spreads	Network shares Infected files
Affected operating systems	Windows
Characteristics	Installs itself in the registry
Protection available since	16 October 2006 22:42:53 (GMT)
Detected by	All Sophos products

Free virus scan
Download the Threat Detection Test

W32/Looked-AI is a virus for the Windows platform.

W32/Looked-AI includes functionality to access the internet and communicate with a remote server via HTTP.

W32/Looked-AI also may spread through available network shares W32/Looked-AI is a virus for the Windows platform.

W32/Looked-AI includes functionality to access the internet and communicate with a remote server via HTTP.

W32/Looked-AI also may spread through available network shares.

Upon execution W32/Looked-AI creates the following files:

<Windows>\Dll.dll
<Windows>\Logo1_.exe
<Windows>\rundl132.exe

where Logo1_.exe and rundl132.exe are copies of the virus host, and Dll.dll is a downloading component of the virus.

These files are also detected as W32/Looked-AI.

The following registry entry is created to run rundl132.exe on startup:

HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows
load
<Windows>\rundl132.exe

Registry entries are created under:

HKLM\SOFTWARE\Soft\DownloadWWW\

The virus infects PE EXE files found on the infected computer.

Many files with the name "_desktop.ini" are created, in various folders on the infected computer. These files are harmless text files.

Get reports about the latest virus and spyware threats delivered to your computer