high
Summary
Summary
Action- More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Characteristics |
|
| Protection available since | 12 May 2007 14:16:46 (GMT) |
| Detected by | All Sophos products |
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
Action
- Summary
- Action
- More Information
Please follow the instructions for removing worms.
More Information
W32/Uisgon-A is a worm for the Windows platform.
W32/Uisgon-A attempts to copy itself to the root folder and to drop the following clean files:
<Current folder>\sleep.vbe
<Current folder>\inf.tem
<System drive>\ubye.txt
<Root>\uishere-<number>.txt
<Root>\<own filename>.vbe
W32/Uisgon-A attempts to copy the following from a file in the same folder as itself and run it:
<Root>\<non-Roman characters>Beta3.exe
W32/Uisgon-A attempts to delete the following files:
<Root>\Anti-U<non-Roman characters>.bat
<Root>\ReadMe.txt
<Root>\uda-<non-Roman characters>.bat
<Root>\uda.exe
<Root>\uishere-*.txt
<Root>\zap.exe
<Root>\<non-Roman characters>.bat
W32/Uisgon-A sets the following registry entry to run <own filename>.vbe on system startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
vbe
<Root>\<own filename>.vbe
W32/Uisgon-A attempt to copy itself to each of the drives C to Z, to delete any autorun.inf folder, to delete any files with an SK extension, and to drop the following files:
<Drive root>\autorun.inf
<Drive root>\<own filename>.vbe
<Drive root>\<non-Roman characters>Beta3.exe
<Drive root>\<date-related filename>.sk
|
