VIRUS-W32/Zua Worm
W32/Zua is a worm that infects Windows systems and spreads through removable drives.
The worm arrives as a file dropped from the network or a removable drive. It modifies the system boot-up logo and the desktop background image.
Upon execution, the worm copies itself as boot.bmp in the Windows folder; as PWallpaper.jpg, VisLoader.exe and Wallpaper.jpg in the System32 folder; and as boot.ini and uos.exe in the System folder.
The worm modifies the registry at the following locations to load itself during each startup:
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\policies\system\DisableTaskMgr
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\IgnoreShiftOverride
The worm modifies the boot.ini file to display its own logo.
The worm is capable of disabling Task Manager.
It also copies autorun.inf and My_Personal_Data.exe to removable drives.
This worm first appeared on October 8, 2007.
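The file names, registry values and removable-drive files listed above can be checked on a host with a short triage script. This is an added example, not part of the original advisory; the folder mapping (%windir%, %windir%\System32, %windir%\System) and the function name Get-ZuaIndicator are assumptions.

```powershell
# Added triage example; not part of the original advisory.
# Assumed mapping: "Windows folder" = %windir%, "System32 folder" = %windir%\System32,
# "System folder" = %windir%\System. A hit is a lead to investigate, not proof of infection.
$fileIndicators = @(
    (Join-Path $env:windir 'boot.bmp'),
    (Join-Path $env:windir 'System32\PWallpaper.jpg'),
    (Join-Path $env:windir 'System32\VisLoader.exe'),
    (Join-Path $env:windir 'System32\Wallpaper.jpg'),
    (Join-Path $env:windir 'System\boot.ini'),
    (Join-Path $env:windir 'System\uos.exe')
)
# Registry values named in the advisory. The advisory does not state what data
# the worm writes, so the current data is reported for an analyst to judge.
$regIndicators = @(
    [pscustomobject]@{ Path = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\policies\system'; Name = 'DisableTaskMgr' },
    [pscustomobject]@{ Path = 'HKCU:\Control Panel\International'; Name = 'sTimeFormat' },
    [pscustomobject]@{ Path = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'; Name = 'IgnoreShiftOverride' }
)
$driveIndicators = 'autorun.inf', 'My_Personal_Data.exe'

function Get-ZuaIndicator {
    foreach ($path in $fileIndicators) {
        if (Test-Path -LiteralPath $path -PathType Leaf) {
            $item = Get-Item -LiteralPath $path -Force   # -Force: include hidden/system files
            [pscustomobject]@{ Type = 'File'; Location = $path
                Detail = "$($item.Length) bytes, modified $($item.LastWriteTime)" }
        }
    }
    foreach ($reg in $regIndicators) {
        $prop = Get-ItemProperty -LiteralPath $reg.Path -Name $reg.Name -ErrorAction SilentlyContinue
        if ($null -ne $prop) {
            [pscustomobject]@{ Type = 'Registry'; Location = "$($reg.Path)\$($reg.Name)"
                Detail = "current data: $($prop.($reg.Name))" }
        }
    }
    # DriveType 2 = removable disk
    foreach ($disk in Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType=2') {
        foreach ($name in $driveIndicators) {
            $path = Join-Path "$($disk.DeviceID)\" $name
            if (Test-Path -LiteralPath $path -PathType Leaf) {
                [pscustomobject]@{ Type = 'RemovableDrive'; Location = $path
                    Detail = 'file present in drive root' }
            }
        }
    }
}

Get-ZuaIndicator | Format-Table -AutoSize -Wrap
```

sTimeFormat exists on a clean Windows profile, so its row is only meaningful when the reported data differs from the expected locale setting.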
- pankaj's blog