Aliases: TrojanProxy.Win32.Bobax.a (Kaspersky Lab), Exploit-DcomRpc.gen (McAfee),   W32.Bobax.B (Symantec),   Win32.HLLW.Mixer (Doctor Web),   W32/Bobax-A (Sophos),   Win32/Bobax.A.worm (RAV),   WORM_BOBAX.GEN (Trend Micro),   Worm/Bobax.A (Grisoft),   Win32.HLLW.Bobax.A (SOFTWIN),   Win32/Bobax.A (Eset)
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: active & spreading
Spreading: slow
Geographical info: North and South America, and some parts of Europe,Asia and Australia
Removal: Easy
Platform: W32
Discovered: 17 May 2004
Damage: medium

Characteristics: The W32.Bobax.A program usually targets Microsoft Windows LSASS Buffer Overrun Vulnerability. When this is successfully opened, you may see a copy of itself in your computer Windows System directory. It also tries to delete all of your computer files in your computer’s temporary folders.

More details about W32.Bobax!gen

This worm infects all Windows Operating System known today, including Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP. If the worm has exploited your Microsoft Windows LSASS, the system infected will inculcate it to SVC.EXE. This worm is also known as a backdoor worm which downloads remote files, and lowers the security of the compromised computer settings. Once opened, the virus copies itself to System directory folders using different filenames. It also continuously updates itself and lets it download program spreading it consequently in the infected machine. This uses mass mailing tactics to be carried out from the victim machine. This worm causes your computer and/or laptop to crash and continuously reboot after it crashes. A message saying “LSA Shell Export Version has encountered a problem and needs to close; we are sorry for the inconvenience” is displayed. There are also buttons such as action, send error report, and don’t send buttons. If this window box appears, you may expect that your windows will automatically shut down and there is a time counter for that.

It is also a good practice to use a firewall to block all incoming connections from the Internet to services that should not be publicly available. Always protect your computer by denying all incoming connections and allow only the services you trusted and really know. Passwords creation is also a key in protecting files and programs from viruses. Auto play facility in your computer should be disabled to further prevent the automatic launching of executable files on network and removable drives. File sharing should also be turned off if it is not needed.