5/6: Bakaver.A Infects Portable Drives
 

May 6, 2005
W32.Bakaver.A is a polymorphic virus that infects portable executable files, according to anti-virus software vendor Symantec.

When the virus is executed, it performs the following actions:

1. Drops the file %Windir%\Baka.wav. (Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.)

2. Modifies the value:

"(Default)" = "%Windir%\Baka.wav" in the registry subkey:

HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\.Default\AppGPFault\.Current\

so that the Windows sound is modified.

If a suitable executable file is found, the virus will infect it by injecting its code into the executable and modifying the entry point of the file. The viral code may be placed anywhere within the file, but is executed after the host executable code is finished running.
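The two host artifacts from steps 1 and 2 can be checked with a short PowerShell function. This is an added example, not part of the original advisory or Symantec's tooling; the function name `Test-BakaverArtifacts` and the output property names are hypothetical, while the file name and registry subkey are the ones listed above.

```powershell
# Added example: look for the two artifacts the advisory lists.
# Test-BakaverArtifacts is a hypothetical name, not a vendor tool.
function Test-BakaverArtifacts {
    [CmdletBinding()]
    param(
        # Windows installation folder; defaults to this host's %Windir%.
        [string]$WinDir = $env:windir
    )

    $wavPath = Join-Path $WinDir 'Baka.wav'
    $subkey  = 'Registry::HKEY_USERS\.DEFAULT\AppEvents\Schemes\Apps\.Default\AppGPFault\.Current'

    # Artifact 1: the dropped file %Windir%\Baka.wav.
    $wavPresent = Test-Path -LiteralPath $wavPath -PathType Leaf

    # Artifact 2: the "(Default)" value of the AppGPFault sound event.
    $soundValue = $null
    if (Test-Path -LiteralPath $subkey) {
        # GetValue('') reads the unnamed "(Default)" value of the key.
        $soundValue = (Get-Item -LiteralPath $subkey).GetValue('')
    }

    # -like is case-insensitive; match on the file name so both an expanded
    # path (C:\Windows\Baka.wav) and a literal %Windir%\Baka.wav are caught.
    $pointsToWav = $false
    if ($soundValue) {
        $pointsToWav = ([string]$soundValue) -like '*\Baka.wav'
    }

    [pscustomobject]@{
        ComputerName     = $env:COMPUTERNAME
        WavPath          = $wavPath
        WavPresent       = $wavPresent
        AppGPFaultSound  = $soundValue
        SoundPointsToWav = $pointsToWav
        Suspect          = ($wavPresent -or $pointsToWav)
    }
}

Test-BakaverArtifacts | Format-List
```

A `Suspect` result of `True` only shows that the virus has run on the host; it does not identify which executables were infected, so a positive result should be followed by a full anti-virus scan.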

This virus is regarded as a low threat that is easy to contain and remove. Technical details can be found on Symantec's page.

 