W32/Stration-AG

Aliases	Email-Worm.Win32.Warezov.df Win32/Stration.KH WORM_STRAT.DR Email-Worm.Win32.Warezov.cz Win32/Stration.HZ
Category	Viruses and Spyware
Type	Worm
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary


How it spreads	Email attachments
Affected operating systems	Windows
Characteristics	Installs itself in the registry
Included in our products from	May 2007 (4.17)
Protection available since	23 October 2006 22:04:49 (GMT)
Last updated	18 March 2007 01:16:00 (GMT)
Detected by	All Sophos products

W32/Stration-AG is a worm for the Windows platform.

W32/Stration-AG may spread by email.

W32/Stration-AG includes functionality to access the internet and communicate with a remote server via HTTP.

When W32/Stration-AG is installed the following files are created:

<Windows system folder>\iuennwcf.dll
<Windows system folder>\kbdfwshe.exe
<Windows system folder>\w3sskbda.dll

These files are all detected as components of W32/Stration-AG.

The following registry entry is created in order to run w3sskbda.dll on startup:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
AppInit_DLLs
w3sskbda.dll

Get reports about the latest virus and spyware threats delivered to your computer