high
Summary
Summary
Action- More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Characteristics |
|
| Protection available since | 18 May 2007 23:51:39 (GMT) |
| Detected by | All Sophos products |
Sophos beta program
- Endpoint Security and Control 9.0
- Small business solutions 4.0
Action
- Summary
- Action
- More Information
Please follow the instructions for removing worms.
More Information
W32/Stration-NZ is a worm for the Windows platform which spreads via email.
W32/Stration-NZ is a worm for the Windows platform which spreads via email.W32/Stration-NZ includes functionality to silently download, install and run new software.
When W32/Stration-NZ is installed the following files are created:
<System>\certmsje.dll
<System>\dpl1npwm.dat
<System>\dpl1npwm.dll
<System>\dpl1npwm.exe
<System>\psapuman.exe
<System>\psnppack.dll
The files certmsje.dll, psapuman.exe and psnppack.dll are detected as W32/Strati-Gen.
The following registry entries are created to run code exported by dpl1npwm.dll on startup:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dpl1npwm
DllName
<System>\dpl1npwm.dll
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dpl1npwm
Startup
WlxStartupEvent
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dpl1npwm
Impersonate
0
Sophos's anti-virus products include Behavioral Genotype® Protection, which can proactively guard against new threats without requiring an update. Sophos customers have been protected against W32/Stration-NZ (detected as Mal/Packer) since version 4.10.
|
