Win32/Bajos [Threat Name] go to Threat
Win32/Bajos.A [Threat Variant Name]
Category | worm |
Size | 15360 B |
Aliases | Virus.Win32.HLLW.Trabos.a (Kaspersky) |
Worm:Win32/Bajos.A (Microsoft) | |
W32.Bajos (Symantec) |
Short description
Win32/Bajos.A is a worm that spreads by copying itself into certain folders. The file is run-time compressed using UPX .
Installation
The worm creates the following files:
- C:\windows\system\command.com (15360 B, Win32/Bajos.A)
In order to be executed on every system start, the modifies the following Registry key:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
- "u" = "C:\windows\system\command.com"
Spreading
The worm may create copies of itself using the following filenames:
- a:\trabajos.exe
Other information
The worm hides windows of running processes which contain any of the following strings in their title:
- editor del registro
- programa de configuració