The Web    Google
5/6: Bakaver.A Infects Portable Drives

5/6: Bakaver.A Infects Portable Drives
May 6, 2005
W32.Bakaver.A is a polymorphic virus that infects portable executable files, according to anti-virus software vendor Symantec.

When the virus is executed, it performs the following actions:

1. Drops the file %Windir%\Baka.wav. (Note: %Windir% is a variable that refers to the Windows installation folder. By default, this is C:\Windows or C:\Winnt.)

2. Modifies the value:

"(Default)" = "%Windir%\Baka.wav" in the registry subkey:


so that the Windows sound is modified.

If a suitable executable file is found, the virus will infect it by injecting its code into the executable and modifying the entry point of the file. The viral code may be placed anywhere within the file, but is executed after the host executable code is finished running.

This virus is regarded as a low threat that is easy to contain and remove. Technical details can be found on Symantec page.

  • 4/7: Rbot-AAF Worm Hits Network Shares
  • Cisco Warns of Voice Product Security Flaws
  • New nCipher Product Targets Online Payment Card Fraud
  • 6/28: Backdoor-CCL Running Wild
  • 8/2: MyDoom-P Sends Spoofed Emails
  • 7/9: HacDef-F a New Backdoor Trojan
  • Will Sobig Strike Again?
  • 4/12: Mytob-AR Yet Another Variant
  • Mass-Mailing Worm Copies Itself to Windows Folder
  • 10/21: Rbot-NG Worm Spreads Remotely
  • Buffer Overflows Patched in RealPlayer
  • Security Camera Companies and products