Selected viruses, spyware, and other threats: sorted alphabetically
Aliases:Email-Worm.Win32.Warezov.gen (Kaspersky), W32/Stration@MM (McAfee), W32.Stration@mm (Symantec)
This text describes a family of worms. As there are many different variants of Win32/Stration, some properties may vary.
When executed, the worm copies itself in the %windir% folder. Several other files are dropped in the following folders:
The following Registry entries are set:
The entries contain path to worm executables.
A Notepad window with random text may be displayed.
Spreading via e-mail
E-mail addresses for further spreading are searched for in local files. Subject of the message may be one of the following:
Mail Delivery System
Mail server report.
Mail Transaction Failed
Body of the message may be one of the following:
Mail transaction failed. Partial message is available.
The message contains Unicode characters and has been sentas a binary attachment.
The message cannot be represented in 7-bit ASCII encodingand has been sent as a binary attachment
Mail server report.
Our firewall determined the e-mails containing worm copies are being sent from your computer.
Nowadays it happens from many computers, because this is a new virus type (Network Worms).
Using the new bug in the Windows, these viruses infect the computer unnoticeably.
After the penetrating into the computer the virus harvests all the e-mail addresses and sends the copies of itself to these e-mail
Please install updates for worm elimination and your computer restoring.
Customers support service
The attachment is either an executable of the worm, or a ZIP archive containing it. Its filename may be one of the following:
The "abcd" stands for a variable four digit number. If an archive is attached, the name has the following extension:
If an executable is attached, a double extension may be used. The first is one of the following:
The second is one of the following:
The worm terminates various security related applications.
The worm contains a list of URLs. It tries to download several files from the addresses. The files are then executed.
© 1992-2006 Eset s.r.o. All rights reserved. No part of this encyclopedia may be reproduced, transmitted or used in any other way in any other form or by any means without prior permission from Eset.