Virus: W32/Bakaver
Date discovered: 17/07/2006
Type: File infector
In the wild: Yes
Reported Infections: Low
Distribution Potential: Low
Damage Potential: Low
Static file: No
IVDF version: 6.35.00.174 - Monday, July 17, 2006

General

Method of propagation:
   • Infects files


Aliases:
   •  Symantec: W32.Bakaver.A
   •  McAfee: W32/Bakaver
   •  Kaspersky: Virus.Win32.Bakaver.c
   •  Eset: Win32/Bakaver
   •  Bitdefender: Win32.Bakaver.D


Platforms / OS:
   • Windows 95
   • Windows 98
   • Windows 98 SE
   • Windows NT
   • Windows ME
   • Windows 2000
   • Windows XP
   • Windows 2003


Side effects:
   • Drops a file
   • Registry modification

Files

The following file is created:

– Non-malicious file:
   • %WINDIR%\Baka.wav

File infection

Infector type:

Embedded - The virus inserts its code throughout the file (in one or more places).


Self Modification:

Polymorphic - The entire virus code changes from one infection to another. The virus contains a polymorphic engine.


Method:

This direct-action infector actively searches for files.


Ignores files that:

Contain any of the following strings in their name:
   • 0
   • 2
   • 4
   • 9
   • AVP
   • SCAN
   • FINDVI
   • F-

Are smaller than: 65536 Bytes


The following files are infected:

Files in any of the following directories:
   • %current directory%
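
The selection rules listed above, written out as a triage filter for deciding which files in an affected directory to rescan first. This is an added example, not part of the original description; case-insensitive matching against the full file name (extension included) is an assumption, and the sample listing is constructed.

```python
import os

# Name fragments and size floor exactly as listed in the description.
SKIP_FRAGMENTS = ("0", "2", "4", "9", "AVP", "SCAN", "FINDVI", "F-")
MIN_SIZE = 65536  # files smaller than this many bytes are ignored


def skip_reason(name, size):
    """Return why the infector would ignore this file, or None if it is a candidate."""
    upper = name.upper()  # assumption: fragments match case-insensitively
    for fragment in SKIP_FRAGMENTS:
        if fragment in upper:
            return f"name contains {fragment!r}"
    if size < MIN_SIZE:
        return f"smaller than {MIN_SIZE} bytes"
    return None


def rescan_candidates(entries):
    """Names from (name, size) pairs that none of the listed rules exclude."""
    return [name for name, size in entries if skip_reason(name, size) is None]


def list_directory(path):
    """(name, size) for regular files directly in path; no recursion, since the
    description names only the current directory."""
    with os.scandir(path) as it:
        return [(e.name, e.stat().st_size) for e in it if e.is_file()]


# Constructed sample listing (not taken from a real system).
SAMPLE = [
    ("setup.exe", 204800),    # no listed fragment, large enough
    ("notepad.exe", 69120),   # no listed fragment, large enough
    ("app2.exe", 300000),     # name contains "2"
    ("avpcc.exe", 120000),    # name contains "AVP"
    ("f-prot.exe", 150000),   # name contains "F-"
    ("Scanner.exe", 90000),   # name contains "SCAN"
    ("tiny.exe", 4096),       # below the size floor
    ("edge.exe", 65536),      # exactly 65536 bytes is not "smaller than"
]

if __name__ == "__main__":
    for name, size in SAMPLE:
        verdict = skip_reason(name, size) or "CANDIDATE: rescan first"
        print(f"{name:12} {size:>7}  {verdict}")
```

A file excluded by these rules can still be worth scanning; the filter only orders the work by what the description says the infector targets.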

Registry

The following registry key is added:

– HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\.Default\AppGPFault\.Current\
   • "[Default]" = "%WINDIR%\Baka.wav"

Description inserted by Razvan Olteanu on Friday, February 5, 2010
Description updated by Andrei Ivanes on Monday, February 8, 2010
