high
Summary
Summary
Action- More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Characteristics |
|
| Included in our products from | July 2007 (4.19) |
| Protection available since | 6 June 2007 08:26:24 (GMT) |
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please follow the instructions for disinfecting PE executables.
At this time there is no disinfection available for files infected with W32/Saburex-A.
More Information
W32/Saburex-A is a virus for the Windows platform.
W32/Saburex-A attempts to infect all files with extension EXE on all local fixed drives.
W32/Saburex-A will ignore any file in a folder with any of the following strings present:
"win"
"program files"
"documents and"
"_restore"
"music"
W32/Saburex-A attempts to infect all files with extension EXE on all local fixed drives.
W32/Saburex-A will ignore any file in a folder with any of the following strings present:
"win"
"program files"
"documents and"
"_restore"
"music"
W32/Saburex-A attempts to create the following files:
<Temp>\~DF1CD8.tmp - detected by W32/Saburex-A
<Temp>\001.bat - harmless, may be deleted
The virus may set the following registry entry, enabling it to run when any executable is run:
HKCU\Software\Classes\CLSID\{00021401-0000-0000-C000-000000000046}\InProcServer32
<default>
ole16.dll
HKCU\Software\Classes\CLSID\{00021401-0000-0000-C000-000000000046}\InProcServer32
ThreadingModel
both
|
