W32/RENADOC.A Virus

Information about the W32/Renadoc.A Virus:

W32/Renadoc.A is a virus. The virus will infect Windows systems and spreads through network or mapped drives.

The virus may arrive as a dropped file from the network or mapped drive.

Upon execution, the virus copies itself as Direct.com in the Windows System folder.

This virus modifies registry at the following location to load itself during each startup.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

It also modifies the following registry keys;

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVerion\Policies\Explorer
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVerion\Explorer\Advanced
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVerion\Policies\System

The virus checks for '.doc' files and overwrites them with a copy of itself. It may spread by overwriting document files that are located in mapped drives.

The virus also disables the following programs;

regedit.exe
taskmgr.exe
msconfig.exe

This virus first appeared on October 23, 2006.


Other names of W32/Renadoc.A Virus:
This virus is also known as W32.Renadoc.A.