TrendLabs Malware Blog
Glossary
TrendWatch
TrendLabs Twitter
WORM_SETROX.A
Overview
Solution

Malware type: Worm

Aliases: Trojan.Win32.VB.als (Kaspersky), Generic VB (McAfee), Trojan Horse (Symantec), TR/VB.als (Avira), W32/Setrox-A (Sophos), Trojan:Win32/VB (Microsoft)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:

Damage potential:

 High

Distribution potential:

 High

Infection Channel 1 : Copies itself in all available physical drives

Description: 

This memory-resident worm propagates by listing all existing hard disk drives on the affected system and then dropping a copy of itself in the root folder of the found hard disk drives. It also drops the file, AUTORUN.INF, in the same location. This file ensures that the dropped copy of this worm is automatically executed at every system startup.

When executed, it drops a copy of itself as, rose.exe, in the root folder. It sets its file attributes to System, Read-only, and Hidden to avoid detection. It also drops several components and non-malicious files in certain folders.

For additional information about this threat, see:
Solution
Technical Details

Description created: Apr. 13, 2006 11:30:08 PM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.