Summary

| How it spreads | |
|---|---|
| Affected operating systems | Windows |
| Characteristics | |
| Included in our products from | December 2006 (4.12) |
| Protection available since | 20 October 2006 04:14:36 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing worms.
More Information
W32/Stratio-AY is a mass-mailing worm for the Windows platform.
When run, the worm will attempt to download components from a remote website, which it will then run.
W32/Stratio-AY creates the following files:
<Windows>\sserrvv.wax (Can be removed safely)
<System>\e1.dll
<Windows>\sserrvv.exe
The following registry entry is created to run the worm on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
sserrvv
<Windows>\sserrvv.exe s
The following registry entry is set:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs
e1.dll
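
The files and registry values listed above can be checked on a host with a short script. This is an added example, not Sophos code; the function name Test-StratioAyArtifacts is hypothetical, and it assumes <Windows> maps to the Windows directory and <System> to the system directory.

```powershell
# Added example: report which W32/Stratio-AY artifacts from this page exist on the host.
# Assumption: <Windows> = $env:windir, <System> = the system directory.
function Test-StratioAyArtifacts {
    $findings = @()
    $winDir = $env:windir
    $sysDir = [Environment]::GetFolderPath('System')

    # Files the worm creates
    $files = @(
        (Join-Path $winDir 'sserrvv.exe'),
        (Join-Path $winDir 'sserrvv.wax'),
        (Join-Path $sysDir 'e1.dll')
    )
    foreach ($f in $files) {
        if (Test-Path -LiteralPath $f -PathType Leaf) {
            $findings += "File present: $f"
        }
    }

    # Startup entry: Run value named "sserrvv"
    $runKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    $run = Get-ItemProperty -LiteralPath $runKey -Name 'sserrvv' -ErrorAction SilentlyContinue
    if ($run) {
        $findings += "Run value sserrvv = $($run.sserrvv)"
    }

    # AppInit_DLLs is a space- or comma-delimited list; look for e1.dll in it
    $appKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'
    $app = Get-ItemProperty -LiteralPath $appKey -Name 'AppInit_DLLs' -ErrorAction SilentlyContinue
    $dlls = "$($app.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ }
    foreach ($d in $dlls) {
        if ((Split-Path -Path $d -Leaf) -ieq 'e1.dll') {
            $findings += "AppInit_DLLs references: $d"
        }
    }

    return $findings
}

$result = Test-StratioAyArtifacts
if ($result) { $result } else { 'No W32/Stratio-AY artifacts from this list found.' }
```

On 64-bit Windows, run it from both the 64-bit and the 32-bit PowerShell host, since the registry and system-directory views differ between them.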
The emails may have one of the following subject lines:
Mail server report.
Server Report
test
Error
hello
picture
Mail Transaction Failed
Status
Mail Delivery System
Good day
The message body may contain one of the following texts:
Mail server report.
Our firewall determined the e-mails containing worm copies are being sent from your computer.
Nowadays it happens from many computers, because this is a new virus type (Network Worms).
Using the new bug in the Windows, these viruses infect the computer unnoticeably.
After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail addresses
Please install updates for worm elimination and your computer restoring.
Best regards,
Customers support service
The message contains Unicode characters and has been sent as a binary attachment.
Mail transaction failed. Partial message is available.
The message cannot be represented in 7-bit ASCII encoding and has been sent as a binary attachment.
The attachments may have one of the following filenames, with one of the extensions .zip, .cmd, .exe, .pif, .bat, .elm, .pdf:
Update-KB<random 4 numbers>-x86
body
data
docs
file
message
test
document
readme
