W32/Badtrans.A@mm

Download VIRUSfighter NOW
W32/Badtrans.A@mm Destructivity: Spreading: Overall risk:
  
• Detected by virus detection files published: 11/24/2001 • Type: Worm
• Virus characteristics first published: 11/24/2001 • Spreading mechanism: Email
• Virus characteristics latest update: 12/17/2003 • Overall risk: Low
• Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista  

Virus type Spreading
mechanism 		Destructivity
and payload 		Additional
descriptions 		Detection
and removal
The worms creates a file called HKK32.EXE in the Windows directory and starts this.
The HKK32 file will in turn create a file called KERN32.EXE, a password stealing trojan, which is placed in the Windows system directory and started. The KERN32.EXE file will again delete the HKK32.EXE file and install itself in the Registry under the HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce Key. This trojan enables the author to get hold of confidential information from compromised systems.
# - A - B - C - D - E - F - G - H - I - J - K - L - M - N - O - P - Q - R - S - T - U - V - W - X - Y - Z
To protect and serve, VirusFighter