high
Summary
Summary
Action- More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Characteristics |
|
| Protection available since | 11 September 2006 20:25:53 (GMT) |
| Last updated | 18 September 2006 19:21:45 (GMT) |
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing worms.
More Information
W32/Stration-X is a mass-mailing worm for the Windows platform.
Mails sent by the worm have the following characteristics:
Subject line: chosen from a list including
Mail server report.
Mail Transaction Failed
Error
Status
hello.
Message text: chosen from a list including
The message contains Unicode characters and has been sent as a binary attachment.
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
Mail transaction failed. Partial message is available. W32/Stration-X is a mass-mailing worm for the Windows platform.
Mails sent by the worm have the following characteristics:
Subject line: one of
Mail server report.
Mail Transaction Failed
Error
Status
hello.
Good day
Message text: one of
Mail server report.
Our fireweall determined the e-mails containing worm copies are being sent from your computer.
Nowadays it happens from many computers, because this is a new virus type (Network Worms).
Using the new bug in Windows, these viruses infect the computer unnoticeably.
After penetrating into the computer the virus harvest all the e-mail addresses and sends the copies of itself to these e-mail addresses
Please install updates for worm elimination and your computer restoring.
Best regards,
Customers support service
The message contains Unicode characters and has been sent as a binary attachment.
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
Mail transaction failed. Partial message is available.
W32/Stration-X includes functionality to download, install and run new software.
When first run W32/Stration-X copies itself to <Windows folder>\tsrv.exe and creates
the following files:
<Windows system folder>\<random>.dll
<Windows system folder>\<random>.exe
<Windows system folder>\<random>.dll
<Windows folder>\tsrv.dll
These four files are also detected as W32/Stration-X.
The following registry entries are created to run tsrv.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
tsrv
<Windows folder>\tsrv.exe s
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
AppInit_DLLs
<path to one of the randomly-named DLLs>
When first run, W32/Stration-X displays the following message:
Title: Information
Message: Update successfully installed.
|
