Besoin d’aide ? Fais appel à la communauté ou embauche un spécialiste.
Aller à Avira Answers
Alias:I-Worm.Stator.a [AVP], W32/Stator@MM [McAfee], Win32/Stator.Worm [CA], WORM_STATOR.A [Trend], W32/Stator-A [Sophos]
Type:Worm 
Size:62,464 Bytes 
Origin: 
Date:00-00-0000 
Damage:Sent by email. 
VDF Version:6.23.00.00 
Danger:Low 
Distribution:High 

DistributionThe worm tries to contact an SMTP server in Russia and then it sends itself from there. The email contains:
Attachment: Photo1.jpg.pif

Technical DetailsWhen activated, Worm/Stator renames the following files:
Notepad.exe -> Notepad.vxd
Control.exe -> Control.vxd
Mplayer.exe -> Mplayer.vxd
Winhlp32.exe -> Winhlp32.vxd

Then, the worm copies itself in \%WinDIR% directory, as:
Notepad.exe
Control.exe
Mplayer.exe
Winhlp32.exe
Ifnhlp.sys

The worm also copies itself in \%WinDIR%\%SystemDIR% as:
Loadpe.com
Scanregw.exe

It makes the registry entry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices ScanRegistry
This entry refers to the worm copy file C:\%WinDIR%\%SystemDIR%\Scanregw.exe.

The worm also makes the registry entry:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\explorer PLC_Region
Description insérée par Crony Walker le mardi 15 juin 2004

Retour . . . .
https:// Cet écran est crypté pour votre sécurité.