Sophos

W32/Stap-A

Aliases
  • Net-Worm.Win32.Stap.f
  • W32.Yourip
Category
Type
What to do
Prevalence low high

Summary

 
How it spreads
  • Network shares
Affected operating systems Windows
Characteristics
  • Installs itself in the registry
Protection available since 10 January 2006 11:04:24 (GMT)
Detected by All Sophos products
Download Free virus scan
Download the Threat Detection Test
  • Free virus, spyware, and adware scan
  • Test your existing anti-virus protection
  • Find threats your anti-virus missed

Action

More Information

W32/Stap-A is a worm for the Windows platform.

W32/Stap-A has the functionalities to:

- spread by network shares
- send mail to email addresses found on the infected computer

When run, W32/Stap-A copies itself as the following files:

<Program files>\Versekulo\readme.exe
<Program files>\Versekulo\src.dll
<Program files>\Versekulo\verse.exe
<Program files>\Versekulo\wers.ocx
<Program files>\kernel32.exe
<Program files>\MSDTC.exe
C:\Yahoo Mgr 2.0_zip.exe
C:\Star Wars_zip
C:\Pictures_zip
C:\Yahoo Mgr 2.0_zip
C:\Chikka_zip
C:\Zuma DEluxe 1.0_zip
C:\The Mystery_zip
<Startup>\Office_view.exe

When run, W32/Stap-A creates the following files:

C:\clog.tmp
C:\plog.tmp
C:\yourip.tmp

The files clog.tmp, plog.tmp and yourip.tmp can be deleted safely.

When run, W32/Stap-A sets the following registry entries:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ccrss
<Program files>\MSDTC.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Mstask
<Program files>\MSDTC.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
rundll32
<Program files>\MSDTC.exe

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
verse
<Program files>\Versekulo\verse.exe

HKLM\SOFTWARE\Microsoft
micro
<Date and time of Worm Execution>

RSS|Atom
Get reports about the latest virus and spyware threats delivered to your computer