Adam Internet

Information about the W32/BugBear worm	21 Nov 2002
The latest virus to hit our screens is W32/BugBear. This new email worm that will infect Windows systems first appeared on 30 September 2002 and since has spread rapidly. Bugbear is a mass-mailing worm. It can spread through network shares and has keystroke-logging and backdoor capabilities. The worm also attempts to terminate the processes of various antivirus and firewall programs. In addition it may flood shared printer resources, which causes them to print garbage or disrupt their normal functionality. The email carrying the worm arrives with a subject, text and senders email address randomly chosen from the infected PC. For this reason, if you do receive the virus, there is little point replying to the “sender” to inform them they have a virus, as it is unlikely to have actually been sent by that email address. The contents of the email will be random text and it will have an attachment with a random filename. The extensions of the file name are often double and can be a combination of .EXE, .PIF, .COM, .BAT, .SCR. The attachment may execute itself if you do not have your system up to date wit the latest Windows Critical Updates. It will certainly try to execute if you open the attachment. Upon execution of the attachment, it copies itself to Windows\System folder. The filename consists of four letters with the first character being 'F', with the extension .EXE . It then tries to propagate via email and open network shares. It modifies the registry at the following location to load itself during the next start-up. Prevention Prevention is always better than cure. To reduce the possibility of damage from this and other viruses keep your anti-virus software up to date, never open an attachment unless you know what it is and, if you use a Windows system, make sure you regularly download the Microsoft Critical Updates to fix system vulnerabilities that viruses are designed to exploit. Cure If the worst has already happened and you believe you have already got the Bugbear virus, you can download a Removal Tool (CLICK HERE) Once you download the removal tool, close all programs and disconnect from the Internet before running it. After running it, shut your computer down, restart and run it again to ensure the virus is removed.

Information about the W32/BugBear worm

21 Nov 2002

The latest virus to hit our screens is W32/BugBear. This new email worm that will infect Windows systems first appeared on 30 September 2002 and since has spread rapidly.

Bugbear is a mass-mailing worm. It can spread through network shares and has keystroke-logging and backdoor capabilities. The worm also attempts to terminate the processes of various antivirus and firewall programs. In addition it may flood shared printer resources, which causes them to print garbage or disrupt their normal functionality.

The email carrying the worm arrives with a subject, text and senders email address randomly chosen from the infected PC. For this reason, if you do receive the virus, there is little point replying to the “sender” to inform them they have a virus, as it is unlikely to have actually been sent by that email address.

The contents of the email will be random text and it will have an attachment with a random filename. The extensions of the file name are often double and can be a combination of .EXE, .PIF, .COM, .BAT, .SCR.

The attachment may execute itself if you do not have your system up to date wit the latest Windows Critical Updates. It will certainly try to execute if you open the attachment.

Upon execution of the attachment, it copies itself to Windows\System folder. The filename consists of four letters with the first character being 'F', with the extension .EXE . It then tries to propagate via email and open network shares. It modifies the registry at the following location to load itself during the next start-up.

Prevention
Prevention is always better than cure. To reduce the possibility of damage from this and other viruses keep your anti-virus software up to date, never open an attachment unless you know what it is and, if you use a Windows system, make sure you regularly download the Microsoft Critical Updates to fix system vulnerabilities that viruses are designed to exploit.

Cure
If the worst has already happened and you believe you have already got the Bugbear virus, you can download a Removal Tool (CLICK HERE)

Once you download the removal tool, close all programs and disconnect from the Internet before running it. After running it, shut your computer down, restart and run it again to ensure the virus is removed.

Adam News Archive

Back

Adam News Archive

CONTACT US | ABOUT | CAREERS | LEGAL