high
Summary
Summary
Action- More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Characteristics |
|
| Included in our products from | July 2007 (4.19) |
| Protection available since | 16 May 2007 22:38:29 (GMT) |
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please follow the instructions for removing worms.
More Information
W32/Stap-C is a worm for the Windows platform.
W32/Stap-C has the functionalities to:
- spread by network shares
- send mail to email addresses found on the infected computer
W32/Stap-C is a worm for the Windows platform.
W32/Stap-C has the functionalities to:
- spread by network shares
- send mail to email addresses found on the infected computer
When first run W32/Stap-C copies itself to:
<Root>\Chikka.exe
<Startup>\Office_viewer.exe
<Program Files>\Versekulo\readme.exe
<Program Files>\Versekulo\src.dll
<Program Files>\Versekulo\verse.exe
<Program Files>\Versekulo\wers.ocx
<Program Files>\msdtc.exe
<Program Files>\kernel32.exe
<Root>\kernel32.exe
<Root>\Yahoo Mgr 2.0_zip.exe
<Root>\Star Wars_zip
<Root>\Pictures_zip
<Root>\Yahoo Mgr 2.0_zip
<Root>\Zuma DEluxe 1.0_zip
<Root>\The Mystery_zip
and creates the file <Root>\plog.tmp. This file can be deleted.
The following registry entries are created to run W32/Stap-C on startup:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Mstask
<Root>\kernel32.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
verse
<Program Files>\Versekulo\verse.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
ccrss
<Program Files>\msdtc.exe
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
rundll32
<Program Files>\kernel32.exe
Registry entries are created under:
HKLM\SOFTWARE\Microsoft
|
