W32/Badtrans.B@mm
| W32/Badtrans.B@mm |
Destructivity:  Spreading:  Overall risk: 
|
| • Detected by virus detection files published: 11/24/2001 | • Type: Worm |
| • Virus characteristics first published: 11/24/2001 | • Spreading mechanism: Email |
| • Virus characteristics latest update: 12/18/2003 | • Overall risk: Low |
| • Alias: | • Payload: Backdoor functionality |
| • Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista |
| Virus type |
Spreading mechanism |
Destructivity and payload |
Additional descriptions |
Detection and removal |
||||||||||
|
This is a variant of the known Badtrans.A worm, updated with some new tricks. When run, it will copy itself to the Windows system directory under the name KERNEL32.EXE - should not be mistaken for the Windows main library KERNEL32.DLL. It will also set a key in the registry HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\Kernel32 = KERNEL32.EXE in order to execute automatically during startup. |
||||||||||||||