high
Summary
Summary
Action- More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Characteristics |
|
| Included in our products from | July 2007 (4.19) |
| Protection available since | 7 June 2007 11:01:18 (GMT) |
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please follow the instructions for removing worms.
More Information
W32/OutLaw-A is a worm for the Windows platform.
When first run W32/OutLaw-A copies itself to:
<RECYCLER>\systems.com
<System>\taskmger.com
The following registry entry is created to run systems.com rundll.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
userd
<RECYCLER>\systems.com
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Userinit
Explorer.exe taskmger.com
Registry Entries are modified under:
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableCMD
0
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableRegistryTools
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
DisableTaskmgr
1
HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System
NoFolderOptions
1
W32/OutLaw-A attempts to periodically copy itself to removeable drives, including floppy drives and USB keys. The worm will attempt to create a hidden file Autorun.inf on the removeable drive and copy itself to the same location. The file Autorun.inf is designed to start the worm once the removeable drive is connected to a uninfected computer.
|
