Home / malware

PDF

Worm:Win32/Copali.A

First posted on 26 June 2014.
Source: Microsoft

Aliases :

There are no other names known for Worm:Win32/Copali.A.

Explanation :

Threat behavior

Installation

Worm:Win32/Copali.A copies itself to c:\z\csrss.exe. The malware creates the following files on your PC:

• c:\z\desktop.ini

Spreads via€¦

Removable drives

Worm:Win32/Copali.A can create the following copies on removable drives, such as USB flash drives:

• :\z\csrss.exe

The malware can also create the following files on targeted drives when spreading:

• :\z\desktop.ini

Payload

Changes system settings

Worm:Win32/Copali.A hides the "Show hidden files and folders" option in the Windows Explorer Folders Options menu by making the following registry change:

Sets value: "CheckedValue"
With data: "0"
In subkey: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
This malware description was produced and published using automated analysis of file SHA1 551fb40bc1d9c9bb97b32dd508e414c89480fff5.Symptoms

System changes

The following could indicate that you have this threat on your PC:

• You have these files:
  
  c:\z\csrss.exe
  c:\z\desktop.ini

• You see these entries or keys in your registry:
  
  Sets value: "CheckedValue"
  With data: "0"
  In subkey: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL

Last update 26 June 2014

 

TOP