W32/Rizon-B

Aliases	Trojan.Win32.VB.uj W32/Rizon.worm
Category	Viruses and Spyware
Type	Worm
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary


Affected operating systems	Windows
Included in our products from	July 2005 (3.95)
Protection available since	23 May 2005 12:53:14 (GMT)
Detected by	All Sophos products

W32/Rizon-B is a worm that terminates processes and deletes files. W32/Rizon-B is a worm that terminates processes and deletes files.

W32/Rizon-B attempts to install itself in the Start Menu by copying itself to the following folders:

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\SoundMAX.exe

H:\Windows NT 5.1 Workstation Profile\Menu Start\Programma's\Opstarten\SoundMAX.exe

The worm terminates the following processes:

rclnt.exe
rshelper.exe
srvany.exe
WUOLService.exe
wuser32.exe

W32/Rizon-B deletes the folders C:\NOVELL and C:\progra~1\divace~1 .

The worm makes a copy of the system file cmd.exe named temp.exe in the Windows system folder.

Get reports about the latest virus and spyware threats delivered to your computer