TROJ_SABUREX.A, W32/Malware.BMRQ, W32/Saburex.A.DLL, W32/Saburex.dll, Win32:Saburex
Virus.Win32.Saburex.a, Virus:Win32/Saburex.A, W32/Saburex, W32/Saburex-A
Category: Computer Virus
Active & Spreading
Asia, North and South America, and some parts of Europe and Australia
05 May 2007
The W32/Saburax.A application is a virus that infects executable files. It affects Windows Operating System platforms such as Windows 98, Windows 95, Windows XP, Windows Me, Windows NT, Windows Server 2003, and Windows 2000.
W32.Saburax.A Removal Tool
If you have malware on your computer, it will cause annoyances and damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
More details about W32.Saburax.A
The main distribution channel used by the W32.Saburax.A application is the Internet Relay Chat (IRC) network. A remote hacker may take control of the computer by sending commands via IRC channels. The remote commands may include downloading files, terminating running processes, disabling installed security tools and deleting stored files. The core components of the application are installed in the System folder: it installs the ole16.dll and shell32.dll files. The same files are transmitted to the shared folders on the network. It then creates registry entries, partially repairs the originally infected file and executes it. Next, the virus looks for files with the .exe extension on the compromised computer and infects them. It avoids infecting files in folders whose names contain strings such as win, music, _restore, documents and program file.
Apparently, the W32.Saburax.A application has been specially programmed to give remote hackers backdoor access. When a user's computer contracts this type of malware, the program could open either a TCP port or an IRC channel in stealth. The Windows Firewall is then disabled. A message containing the computer's IP address is sent to the remote attacker, who accesses the computer through the opened port. The hacker's access to the compromised system's files and data purportedly ranges from fair to complete.
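The file-dropping and infection behaviour described above can be turned into a triage pass over a collected file listing. This is an added example, not code from the original page or from any vendor tool. It flags the named components and lists the .exe files that fall inside the described infection scope so they can be verified first. The System folder paths, the case-insensitive substring matching on the folder path and the sample listing are assumptions made for illustration.

```python
from pathlib import PureWindowsPath

# Strings from the description: folders containing these are skipped by the virus.
SKIPPED_FOLDER_STRINGS = ("win", "music", "_restore", "documents", "program file")
# File names the description says are installed and copied to network shares.
DROPPED_NAMES = {"ole16.dll", "shell32.dll"}
# Assumption: default System folder paths. Windows ships its own shell32.dll here.
SYSTEM_FOLDERS = {r"c:\windows\system32", r"c:\windows\system", r"c:\winnt\system32"}


def triage(paths):
    """Return (suspect component paths, .exe paths inside the infection scope)."""
    suspects, in_scope = [], []
    for raw in paths:
        p = PureWindowsPath(raw)
        name, folder = p.name.lower(), str(p.parent).lower()
        if name in DROPPED_NAMES:
            # A shell32.dll in the System folder is expected; a replaced copy
            # cannot be told apart by name and needs a known-good hash check.
            if name == "shell32.dll" and folder in SYSTEM_FOLDERS:
                continue
            suspects.append(raw)
        elif p.suffix.lower() == ".exe":
            # Assumption: case-insensitive substring match on the folder path.
            if not any(s in folder for s in SKIPPED_FOLDER_STRINGS):
                in_scope.append(raw)
    return suspects, in_scope


# Constructed sample listing, e.g. taken from an offline copy of a disk or share.
SAMPLE = [
    r"C:\WINDOWS\system32\shell32.dll",
    r"C:\WINDOWS\system32\ole16.dll",
    r"D:\Shared\shell32.dll",
    r"C:\Program Files\App\app.exe",
    r"D:\Tools\putty.exe",
    r"D:\Tools\WinSCP\winscp.exe",
    r"D:\Games\doom\doom.exe",
    r"C:\Documents and Settings\u\Desktop\setup.exe",
]

if __name__ == "__main__":
    suspects, in_scope = triage(SAMPLE)
    print("Possible dropped components:", *suspects, sep="\n  ")
    print("Executables to verify against known-good copies:", *in_scope, sep="\n  ")
```

Because win is matched as a substring, a folder such as WinSCP is treated as skipped in the same way as the Windows directory, so its executables drop out of the priority list.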