TrojanProxy.Win32.Bobax.a (Kaspersky Lab), Exploit-DcomRpc.gen (McAfee), W32.Bobax.B (Symantec), Win32.HLLW.Mixer (Doctor Web), W32/Bobax-A (Sophos), Win32/Bobax.A.worm (RAV), WORM_BOBAX.GEN (Trend Micro), Worm/Bobax.A (Grisoft), Win32.HLLW.Bobax.A (SOFTWIN), Win32/Bobax.A (Eset)
Category: Computer Worm
active & spreading
North and South America, and some parts of Europe, Asia and Australia
17 May 2004
W32.Bobax.A usually targets the Microsoft Windows LSASS Buffer Overrun Vulnerability. When the vulnerability is successfully exploited, a copy of the worm may appear in the computer's Windows System directory. The worm also tries to delete all files in the computer's temporary folders.
W32.Bobax!gen Removal Tool
If you have malware on your computer, it will cause annoyances and will damage your system. You should either:
A. Manually remove the infected files from your computer, or
B. Automatically scan your system using trusted software
We recommend that you scan your system for malware. Our partner has a computer worm removal tool to automatically clean W32.Bobax!gen from your computer.
More details about W32.Bobax!gen
This worm infects all Windows operating systems known today, including Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP. If the worm has exploited Microsoft Windows LSASS, the infected system will inculcate it to SVC.EXE. The worm is also known as a backdoor worm: it downloads remote files and lowers the security settings of the compromised computer. Once opened, it copies itself to System directory folders using different filenames. It also continuously updates itself and can download programs, which lets it keep spreading from the infected machine. It uses mass-mailing tactics carried out from the victim machine.
The worm causes the computer or laptop to crash and then reboot continuously. A message saying “LSA Shell Export Version has encountered a problem and needs to close; we are sorry for the inconvenience” is displayed. The dialog also has buttons such as action, send error report, and don’t send. If this dialog box appears, expect Windows to shut down automatically; a countdown timer is shown for the shutdown.
It is also good practice to use a firewall to block all incoming connections from the Internet to services that should not be publicly available. Always protect your computer by denying all incoming connections and allowing only the services you trust and really know. Creating passwords is also key to protecting files and programs from viruses. The AutoPlay facility on your computer should be disabled to further prevent the automatic launching of executable files on network and removable drives. File sharing should also be turned off if it is not needed.