W32/Updatr.B@mm
| W32/Updatr.B@mm |
Destructivity:  Spreading:  Overall risk:
|
| • Detected by virus detection files published: 12/11/2001 | • Type: Worm |
| • Virus characteristics first published: 12/11/2001 | • Spreading mechanism: Email |
| • Virus characteristics latest update: 12/17/2003 | • Overall risk: Low |
| • Alias: | • Payload: Installs annoying script worm |
| • Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista |
| Virus type |
Spreading mechanism |
Destructivity and payload |
Additional descriptions |
Detection and removal |
||||||||||
|
This is a variant of the W32/Updatr.A worm. At the time of this writing, Norman has received one single confirmed report of Updatr.B from an infected user. This variant is 13632 bytes long, and instead of being packed with UPX it is packed using a compression utility called Petite. When run it will copy itself to the Windows directory under the name UPDATE.EXE, and set the registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Run Update = C:\WINDOWS\UPDATE.EXE This has the effect that the worm is executed on startup. It will also copy a small Visual Basic script worm, VBS/Updatr.A, to the startup directory. |
||||||||||||||