high
Summary
Summary
Action- More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Characteristics |
|
| Included in our products from | February 2007 (4.14) |
| Protection available since | 29 December 2006 03:52:47 (GMT) |
| Last updated | 9 January 2007 04:31:34 (GMT) |
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please follow the instructions for removing infected executable files.
More Information
W32/Dref-U is a virus with mass-mailing capability for the Windows platform.
W32/Dref-U spreads to other network computers and via email.
W32/Dref-U includes functionality to access the internet and communicate with a remote server via HTTP. W32/Dref-U is a virus with mass-mailing capability for the Windows platform.
W32/Dref-U spreads to other network computers and via email.
W32/Dref-U includes functionality to access the internet and communicate with a remote server via HTTP.
When first run W32/Dref-U copies itself to <System>\ppl.exe and creates the following registy keys:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
agent
<System>\ppl.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
agent
<System>\ppl.exe
W32/Dref-U sets the following registry entries, disabling the automatic startup of other software:
HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess
Start
4
Note: disabling autostart for the SharedAccess service deactivates the Microsoft Internet Connection Firewall (ICF).
W32/Dref-U may also attempt to drop a randomly named file into the current folder and run it. This file is detected by Sophos as Troj/Dloadr-ANE.
Files infected by W32/Dref-U are detected by Sophos as W32/Dref-L.
|
