Win32/Bajos [Threat Name] go to Threat

Win32/Bajos.A [Threat Variant Name]

Category worm
Size 15360 B
Aliases Virus.Win32.HLLW.Trabos.a (Kaspersky)
  Worm:Win32/Bajos.A (Microsoft)
  W32.Bajos (Symantec)
Short description

Win32/Bajos.A is a worm that spreads by copying itself into certain folders. The file is run-time compressed using UPX .

Installation

The worm creates the following files:

  • C:\­windows\­system\­command.com (15360 B, Win32/Bajos.A)

In order to be executed on every system start, the modifies the following Registry key:

  • [HKEY_LOCAL_MACHINE\­SOFTWARE\­Microsoft\­Windows\­CurrentVersion\­RunServices]
    • "u" = "C:\­windows\­system\­command.com"
Spreading

The worm may create copies of itself using the following filenames:

  • a:\­trabajos.exe
Other information

The worm hides windows of running processes which contain any of the following strings in their title:

  • editor del registro
  • programa de configuraciĆ³

Please enable Javascript to ensure correct displaying of this content and refresh this page.