W32/Bugbear.B@mm
• Destructivity:
• Detected by virus detection files published: 6/5/2003
• Virus characteristics first published: 6/5/2003
• Virus characteristics latest update: 3/17/2004
• Type: Backdoor, Virus, Worm
• Spreading mechanism: Network
• Overall risk: Medium
• Alias:
• Payload: Drops a key logging program
• Infection type: Microsoft Windows 95/98/98 SE/ME/NT 4/2000/XP/2003/Vista
Email characteristics:
Like many other recent viruses, this one forges the sender address. The virus spreads over networks by copying itself to open network shares. It also infects by overwriting (and thus destroying) at least the following files:

• %PROGRAMFILESDIR%\winzip\winzip32.exe
• %PROGRAMFILESDIR%\kazaa\kazaa.exe
• %PROGRAMFILESDIR%\ICQ\Icq.exe
• %PROGRAMFILESDIR%\DAP\DAP.exe
• %PROGRAMFILESDIR%\Winamp\winamp.exe
• %PROGRAMFILESDIR%\AIM95\aim.exe
• %PROGRAMFILESDIR%\Lavasoft\Ad-aware 6\Ad-ware.exe
• %PROGRAMFILESDIR%\Trillian\Trillian.exe
• %PROGRAMFILESDIR%\Zone Labs\ZoneAlarm\ZoneAlarm.exe
• %PROGRAMFILESDIR%\StreamCast\Morpheus\Morpheus.exe
• %PROGRAMFILESDIR%\QuickTime\QuickTimePlayer.exe
• %PROGRAMFILESDIR%\WS_FTP\WS_FTP95.exe
• %PROGRAMFILESDIR%\MSN Messenger\msnmsgr.exe
• %PROGRAMFILESDIR%\ACDSee32\ACDSee32.exe
• %PROGRAMFILESDIR%\Adobe\Acrobat 4.0\Reader\AcroRd32.exe
• %PROGRAMFILESDIR%\CuteFTP\cutftp32.exe
• %PROGRAMFILESDIR%\Far\Far.exe
• %PROGRAMFILESDIR%\Outlook Express\msimn.exe
• %PROGRAMFILESDIR%\Real\RealPlayer\realplay.exe
• %PROGRAMFILESDIR%\Windows Media Player\mplayer2.exe
• %PROGRAMFILESDIR%\WinRAR\WinRAR.exe
• %PROGRAMFILESDIR%\adobe\acrobat 5.0\reader\acrord32.exe
• %PROGRAMFILESDIR%\Internet Explorer\iexplore.exe
• %WINDIR%\winhelp.exe
• %WINDIR%\notepad.exe