Summary

| How it spreads | |
|---|---|
| Affected operating systems | Windows |
| Characteristics | |
| Protection available since | 20 November 2006 04:45:57 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing worms.
More Information
W32/Stration-BQ is a mass-mailing worm for the Windows platform.
When run, W32/Stration-BQ copies itself to <Windows>\cserv32.exe. W32/Stration-BQ also creates the following files:
<Windows>\cserv32.dat - can be safely deleted
<Windows>\cserv32.s - can be safely deleted
<Windows>\cserv32.wax - can be safely deleted
<System>\e1.dll - detected as W32/Strati-Gen
The following registry entry is set to run W32/Stration-BQ on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
cserv32
<Windows>\cserv32.exe s
The following registry entry is also set to run <System>\e1.dll on startup:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs
e1.dll
W32/Stration-BQ includes functionality to download a file from a remote website and run it. At the time of writing, this downloaded file is also detected as W32/Strati-Gen.
Emails sent by the worm have the following characteristics:
Subject:
'Mail server report'
'picture'
'Mail Transaction Failed'
'Error'
'Status'
'hello'
Message text:
'The message contains Unicode characters and has been sent as a binary attachment'
'The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.'
'Mail transaction failed. Partial message is available.'
'Mail server report.
Our firewall determined the e-mails containing worm copies are being sent from your computer.
Nowadays it happens from many computers, because this is a new virus type (Network Worms).
Using the new bug in the Windows, these viruses infect the computer unnoticeably.
After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail addresses
Please install updates for worm elimination and your computer restoring.
Best regards,
Customers support service'
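
The email characteristics listed above can be turned into a mail-triage check. The following is an added example, not Sophos code: it classifies a raw message by combining the listed subjects and message texts, because subjects such as 'hello', 'Error' and 'Status' are too common to act on alone. The function names, the verdict labels and the requirement that an attachment be present are assumptions of this example; the sample messages are constructed.

```python
import email
from email import policy
from email.message import EmailMessage

# Strings copied from the description above, lower-cased for comparison.
SUBJECTS = {"mail server report", "picture", "mail transaction failed",
            "error", "status", "hello"}
BODY_MARKERS = (
    "the message contains unicode characters and has been sent as a binary attachment",
    "the message cannot be represented in 7-bit ascii encoding and has been sent as a binary attachment",
    "mail transaction failed. partial message is available.",
    "our firewall determined the e-mails containing worm copies are being sent from your computer",
)

def classify(raw: bytes) -> str:
    """Return 'match', 'partial', 'subject-only' or 'clean' for one raw message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    subject = str(msg["Subject"] or "").strip().lower()
    part = msg.get_body(preferencelist=("plain",))
    # Collapse whitespace so wrapped lines still match the single-line markers.
    text = " ".join(part.get_content().lower().split()) if part else ""
    subject_hit = subject in SUBJECTS
    body_hit = any(marker in text for marker in BODY_MARKERS)
    # Assumption: the worm copy travels as an attachment (implied by the message text).
    has_attachment = any(True for _ in msg.iter_attachments())
    if subject_hit and body_hit and has_attachment:
        return "match"
    if body_hit:
        return "partial"        # listed body text, but subject or attachment missing
    if subject_hit:
        return "subject-only"   # 'hello', 'Error', 'Status' are too common to act on alone
    return "clean"

def build_sample(subject: str, body: str, attachment: bool) -> bytes:
    """Construct a test message (constructed data, not a captured sample)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.test", "b@example.test", subject
    m.set_content(body)
    if attachment:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename="placeholder.bin")
    return m.as_bytes()

if __name__ == "__main__":
    for args in [("Mail Transaction Failed",
                  "Mail transaction failed. Partial message is available.", True),
                 ("hello", "Lunch at noon?", False),
                 ("Invoice", "See attached.", True)]:
        print(args[0], "->", classify(build_sample(*args)))
```

Messages classified as 'partial' or 'subject-only' are candidates for review rather than automatic quarantine.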

