Content

W32/Trab.worm

Type
Virus
SubType
Floppy Worm
Discovery Date
03/28/2003
Length
196,608
Minimum DAT
4257 (04/09/2003)
Updated DAT
4326 (02/18/2004)
Minimum Engine
5.1.00
Description Added
03/28/2003
Description Modified
04/03/2003 1:24 PM (PT)
Risk Assessment
Corporate User
Low
Home User
Low

Tab Navigation

Characteristics

This is a floppy worm. It was detected as "New Floppy Worm" with heuristic scanning turned on.

When run, the worm copies itself to c:\WINDOWS\SYSTEM\W16OFF.exe. It creates the following registry key in order to run at Windows start up:

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    "Spool32" = C:\WINDOWS\SYSTEM\W16OFF.exe

Every 2-3 minutes, the worm copies itself to floppy drive A:. It creates the following files:

  • A:\command.com - the worm itself.
  • c:\WINDOWS\SYSTEM\HTA.doc - word document.
  • A:\TRAP.doc - same word document.
  • c:\listf.vxd - a log file.

Symptoms

Existence of the files and registry keys mentioned above.

Method of Infection

The worm propagates via floppy disk.

Removal

All Users:
Use specified engine and DAT files for detection and removal.

Additional Windows ME/XP removal considerations

Variants

Variants

    N/A

All Information

Overview -

This is a virus detection. Viruses are programs that self-replicate recursively, meaning that infected systems spread the virus to other systems, which then propagate the virus further. While many viruses contain a destructive payload, it's quite common for viruses to do nothing more than spread from one system to another.

Characteristics

Characteristics -

This is a floppy worm. It was detected as "New Floppy Worm" with heuristic scanning turned on.

When run, the worm copies itself to c:\WINDOWS\SYSTEM\W16OFF.exe. It creates the following registry key in order to run at Windows start up:

  • HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    "Spool32" = C:\WINDOWS\SYSTEM\W16OFF.exe

Every 2-3 minutes, the worm copies itself to floppy drive A:. It creates the following files:

  • A:\command.com - the worm itself.
  • c:\WINDOWS\SYSTEM\HTA.doc - word document.
  • A:\TRAP.doc - same word document.
  • c:\listf.vxd - a log file.

Symptoms

Symptoms -

Existence of the files and registry keys mentioned above.

Method of Infection

Method of Infection -

The worm propagates via floppy disk.

Removal -

Removal -

All Users:
Use specified engine and DAT files for detection and removal.

Additional Windows ME/XP removal considerations

Variants

Variants -

    N/A