Summary

| How it spreads | |
|---|---|
| Affected operating systems | Windows |
| Characteristics | |
| Included in our products from | September 2007 (4.21) |
| Protection available since | 1 August 2007 06:25:27 (GMT) |
| Last updated | 7 August 2007 18:40:51 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for disinfecting PE executables.
Please read the instructions for removing W32/Looked-DR.
More Information
W32/Looked-DR is a virus and network worm for the Windows platform.
W32/Looked-DR infects files found on the local computer. W32/Looked-DR also copies itself to remote network shares and may infect files found on those shares.
W32/Looked-DR includes functionality to access the internet and communicate with a remote server via HTTP. W32/Looked-DR may attempt to download and execute additional files from a remote location.
When W32/Looked-DR is installed, the following files are created:
<Windows>\Logo1_.exe
<Windows>\uninstall\rundl132.exe
The files Logo1_.exe and rundl132.exe are detected as Mal/Behav-085.
The following registry entry is created to run rundl132.exe on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
load
<Windows>\uninstall\rundl132.exe
Sophos's anti-virus products include Behavioral Genotype® Protection, which can proactively guard against new threats without requiring an update. Sophos customers have been protected against W32/Looked-DR (detected as Mal/Behav-085) since version 4.14.
W32/Looked-DR may also create many files with the name "_desktop.ini" in various folders on the infected computer. These files are harmless text files and can be deleted.
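The indicators listed above can be checked on a single host with a short script. This is an added example, not Sophos code; the function name `Find-LookedDrIndicator` and the `ScanRoot` parameter are hypothetical, and it assumes the `<Windows>` placeholder is the directory in `$env:windir`. The WOW6432Node registry view is an addition that is not on this page.

```powershell
# Added example: report the W32/Looked-DR indicators listed on this page for one host.
# Assumption: the page's <Windows> placeholder is the directory in $env:windir.
function Find-LookedDrIndicator {          # hypothetical helper name
    param([string]$ScanRoot = "${env:SystemDrive}\")

    # 1. Dropped files named on the page. Note the second name is rundl132.exe
    #    (with a digit 1), not the genuine Windows rundll32.exe.
    foreach ($rel in 'Logo1_.exe', 'uninstall\rundl132.exe') {
        $path = Join-Path $env:windir $rel
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $f = Get-Item -LiteralPath $path -Force   # -Force: see hidden/system files
            [pscustomobject]@{ Type = 'File'; Item = $path
                               Detail = "$($f.Length) bytes, written $($f.LastWriteTime)" }
        }
    }

    # 2. Run-key value "load" whose data points at rundl132.exe. The WOW6432Node
    #    view is an addition (not on the page): 32-bit writes land there on x64.
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        $prop = Get-ItemProperty -LiteralPath $key -Name 'load' -ErrorAction SilentlyContinue
        $data = if ($prop) { [string]$prop.load } else { '' }
        if ($data -match '\\uninstall\\rundl132\.exe') {   # -match is case-insensitive
            [pscustomobject]@{ Type = 'Registry'; Item = "$key [load]"; Detail = $data }
        }
    }

    # 3. "_desktop.ini" files; the page describes them as harmless text files,
    #    so they are listed for clean-up rather than treated as malware.
    Get-ChildItem -LiteralPath $ScanRoot -Filter '_desktop.ini' -Recurse -Force -File -ErrorAction SilentlyContinue |
        ForEach-Object {
            [pscustomobject]@{ Type = 'Marker'; Item = $_.FullName; Detail = "$($_.Length) bytes" }
        }
}

# No output means none of the listed indicators were found under the scanned root.
Find-LookedDrIndicator | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt so protected folders are readable; because the worm also copies itself to network shares, pass a mapped share as `-ScanRoot` to list marker files there.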
