W32/Floppy-B

Mar 16, 2004 12:46AM PST

Aliases
TROJ_WINDANG.A

Type
Win32 executable file virus

Description
W32/Floppy-B is a prepending virus that periodically infects files on the floppy drive which have a DOC extension.
W32/Floppy-B copies itself to the Windows folder as the file Lsass.exe and sets the following registry entry to ensure that it will be executed on system logon:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Winlogon
= <Windows>\Lsass.exe

W32/Floppy-B also drops GeDzac.mlh to the Windows system folder. GeDzac.mlh is used by W32/Floppy-B to store a counter value.

http://www.sophos.com/virusinfo/analyses/w32floppyb.html
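
A read-only host check for the three artifacts listed in the description above. This is an added example, not part of the original post or the Sophos analysis. The function name is hypothetical, and the SysWOW64 and WOW6432Node locations are an assumption added for 64-bit Windows, where a 32-bit process is redirected to them.

```powershell
# Added example: read-only check for the W32/Floppy-B artifacts named in the post.
function Test-FloppyBIndicators {
    $winDir = $env:windir

    # Assumption: on 64-bit Windows a 32-bit process is redirected to SysWOW64
    # and WOW6432Node, so both views are checked.
    $sysDirs = @([Environment]::SystemDirectory, (Join-Path $winDir 'SysWOW64')) |
        Where-Object { Test-Path -LiteralPath $_ } | Select-Object -Unique
    $runKeys = @(
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
    ) | Where-Object { Test-Path -LiteralPath $_ }

    $results = @()

    # 1. Run value "Winlogon" whose data points at an Lsass.exe
    foreach ($key in $runKeys) {
        $data = (Get-ItemProperty -LiteralPath $key -Name 'Winlogon' -ErrorAction SilentlyContinue).Winlogon
        $results += [pscustomobject]@{
            Indicator = "$key\Winlogon"
            Found     = [bool]($data -match '\\lsass\.exe')
            Detail    = $data
        }
    }

    # 2. Lsass.exe directly in the Windows folder. The genuine lsass.exe
    #    lives in the system folder, so a copy here is worth investigating.
    $dropped = Join-Path $winDir 'Lsass.exe'
    $results += [pscustomobject]@{
        Indicator = $dropped
        Found     = Test-Path -LiteralPath $dropped -PathType Leaf
        Detail    = 'copy of the virus per the description'
    }

    # 3. GeDzac.mlh counter file in the Windows system folder
    foreach ($dir in $sysDirs) {
        $counter = Join-Path $dir 'GeDzac.mlh'
        $results += [pscustomobject]@{
            Indicator = $counter
            Found     = Test-Path -LiteralPath $counter -PathType Leaf
            Detail    = 'counter file per the description'
        }
    }
    $results
}

Test-FloppyBIndicators | Format-Table -AutoSize -Wrap
```

Any row with `Found` set to `True` marks a host to examine further; the script changes nothing on the system.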
