W32/Stratio-BW

Aliases	Email-Worm.Win32.Warezov.dq W32/Stration@MM Win32/Stration.KQ worm WORM_STRAT.DV
Category	Viruses and Spyware
Type	Worm
What to do	If you've received an alert for a virus or spyware, then follow the instructions for removing the threat.
Prevalence	low high

Summary


Affected operating systems	Windows
Characteristics	Drops more malware Installs itself in the registry
Included in our products from	February 2007 (4.14)
Protection available since	25 October 2006 13:30:05 (GMT)
Last updated	3 January 2007 08:29:02 (GMT)
Detected by	All Sophos products

W32/Stratio-BW is a worm for the Windows platform.

When W32/Stratio-BW is installed the following files are created:

<System>\audconf.exe
<System>\audmgr32.dll
<System>\audperf.exe
<System>\audprf32.dll
<System>\audstat.dll
<System>\confaud.dll

These files are detected as W32/Stratio-BW.

The following registry entries are created to run code exported by audmgr32.dll on startup:

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\audmgr
DllName
audmgr32.dll

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\audmgr
Impersonate
0

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\audmgr
Startup
WlxStartup

Get reports about the latest virus and spyware threats delivered to your computer