high
Summary
Summary
Action- More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Characteristics |
|
| Included in our products from | February 2006 (4.02) |
| Protection available since | 10 January 2006 11:04:24 (GMT) |
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please follow the instructions for removing worms.
More Information
W32/Floppy-E is a worm for the Windows platform.
W32/Floppy-E spreads via file sharing on Peer-to-peer networks. W32/Floppy-E is a worm for the Windows platform.
W32/Floppy-E spreads via file sharing on Peer-to-peer networks.
When first run W32/Floppy-E copies itself to:
<Windows>\calc.exe
<Windows>\config_.com
<Windows>\mscalc.exe
<Windows>\windows.exe
<Windows>\winnt.exe
<Windows>\config_.com
<User>\Recent\New Folder.exe
<User>\SendTo\New Folder.exe
<Startup>\startupFolder.com
<system>\calc.exe
<System drive>\new folder.exe
In addition to the above list, W32/Floppy-E will also create a copy of itself as an EXE file named the same as the parent folder in sub-folders of:
<Program Files>
<User>\Nethood\
<System drive>
Note that all sub-folders of the above locations will be used even if the parent folder has the hidden or system attributes.
W32/Floppy-E will create the file <system drive>\autorun.inf.
W32/Floppy-E will create a copy of itself in the root of all removable drives along with the file autorun.inf to run the replicant upon insertion / connection.
W32/Floppy-E creates the following registry entry to run a copy of itself at startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Explorer5
<Windows>\config_.com
|
