Aliases: Virus.Win32.HLLW.Sakao, Win32.HLLW.Sakao, W32/Sakao, W32.Sakao, Win32.HLLW.Sadako.24576
Variants: W32/Sakao-A, Win32/HLLW.Sakao.A, WORM_SAKAO.A, Win32:Sakao, Win32/Sakao.A

Classification: Malware
Category: Computer Virus

Status: Active & Spreading
Spreading: Slow
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 17 Oct 2003
Damage: Low

Characteristics: W32/Sakao is a simple virus, which attempts to propagate via floppy disks. This virus affects Windows Operating System platforms such as Windows 2000, Windows 98, Windows 95, Windows Me, Windows Server 2003, Windows NT, and Windows XP.

More details about W32.Sakao

W32.Sakao is written in MSVisual Basic programming language. The VB run time libraries are required for W32/Sakao to be executed. Due to a bug in its code, the filename and location of its virus should either be C:\WINDOWS\File.exe, a:\Myfile.exe, \Myfile, C:\WINDOWS\Start Menu\Programs\Startup\FindFast.exe, a:\Sadako.exe or \Sadako.exe. Once the system is executed with the virus W32.Sakao, it creates a copy of itself. If the filename and location is C:\WINDOWS\File.exe, it copies itself as a:\Myfile.exe, if it is a:\Myfile.exe, it copies itself as C:\WINDOWS\File.exe, if it is C:\WINDOWS\Start Menu\Programs\Startup\FindFast.exe, it copies itself as a:\Sadako.exe, if it is a:\Sadako.exe it copies itself as: C:\WINDOWS\Start Menu\Programs\Startup\FindFast.exe, if it is \Sadako.exe, it copies itself as C:\WINDOWS\Start Menu\Programs\Startup\FindFast.exe and a:\Sadako.exe. When the process is completed it may attempt to shut down the computer.

The W32.Sakao application receives instructions from the server. It can modify the system settings to disable security options. Installed anti-malware programs may suddenly malfunction due to blocked processes or deleted components. Files in the system may be deleted, moved or edited. Attached devices can be disconnected or turned on without the user’s consent. The W32.Sakao program may also download unwanted files to the system. These are typically installers for other malicious software. These can include adware, spyware, browser hijackers and other Trojan applications.