Home / malware

PDF

Worm:Win32/Copali.B

First posted on 26 June 2014.
Source: Microsoft

Aliases :

There are no other names known for Worm:Win32/Copali.B.

Explanation :

Threat behavior

Installation

Worm:Win32/Copali.B copies itself to c:\z\csrss.exe. The malware creates the following files on your PC:

• c:\z\desktop.ini

Spreads via€¦

Removable drives

Worm:Win32/Copali.B can create the following copies on removable drives, such as USB flash drives:

• :\z\csrss.exe

Payload

Changes system settings

Worm:Win32/Copali.B hides the "Show hidden files and folders" option in the Windows Explorer Folders Options menu by making the following registry change:

Sets value: "CheckedValue"
With data: "0"
In subkey: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL
This malware description was produced and published using automated analysis of file SHA1 123e2f1464f44ad7cbb2a99ac3fe4a6088f51346.Symptoms

System changes

The following could indicate that you have this threat on your PC:

• You have these files:
  
  c:\z\csrss.exe
  c:\z\desktop.ini

• You see these entries or keys in your registry:
  
  Sets value: "CheckedValue"
  With data: "0"
  In subkey: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL

Last update 26 June 2014

 

TOP