The Web    Google
5/6: Bakaver.A Infects Portable Drives

5/6: Bakaver.A Infects Portable Drives
May 6, 2005
W32.Bakaver.A is a polymorphic virus that infects portable executable files, according to anti-virus software vendor Symantec.

When the virus is executed, it performs the following actions:

1. Drops the file %Windir%\Baka.wav. (Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.)

2. Modifies the value:

"(Default)" = "%Windir%\Baka.wav" in the registry subkey:


so that the Windows sound is modified.

If a suitable executable file is found, the virus will infect it by injecting its code into the executable and modifying the entry point of the file. The viral code may be placed anywhere within the file, but is executed after the host executable code is finished running.

This virus is regarded as a low threat that is easy to contain and remove. Technical details can be found on Symantec page.

  • 6/3: Agobot-SU Controlled by IRC Bot
  • Web Services Security in .NET
  • 3/18: Agent.E Trojan Acts as HTTP Proxy
  • 3/30: Anicmoo-C Trojan Arrives in Package
  • 4/7: Rbot-AAF Worm Hits Network Shares
  • Check Point Appliances Target Small Businesses
  • DOJ Scores First Criminal P2P Convictions
  • Vericept Adds Fraud, Identity Theft Protection
  • Global content security player establishes U.S. beachhead
  • 9/16: Evaman-D Worm Kills Active Processes
  • 10/12: Forbot-AZ Worm Has Backdoor
  • Security Camera Industry Information