|
|
 |
 |
| |
|
|
|
|
Win32.BugBear.A@mm |
|
|
|
|
( W32/Ganda@MM (McAfee), Ganda (F-Secure) ) |
|
|
|
|
 |
Spreading :
Damage :
Size :
Discovered : |
MEDIUM
MEDIUM
12,832 bytes
2003 Nov 14 |
|
|
|
|
SYMPTOMS:
- most common the network printers or local shared printers begin to print the ASCII format of the virus;
- the presence of any emails or files mentioned in the technical description;
Removal instructions:
The BitDefender Virus Analyse Team has releasead a free removal tool for this particular virus.
Important: You will have to close all applications before running the tool (including the antivirus shields) and to restart the computer afterwards. Additionally you'll have to manually delete the infected files located in archives and the infected messages from your mail client.
The BitDefender AntiBugBear tool does the following:
- it delets all the files created by Win32.BugBear.A@mm;
- it deletes the files created by Trojan.KeyLogger.BugBear.A;
- it kills the process from memory;
- it repairs the Windows registry.
You may also need to restore the affected files.
For preventing this virus to use the IFRAME exploit apply the patch Microsoft released
for Internet Explorer 5.0 and 5.5.
To prevent the virus from replicating itself from infected machines to clean machines, you should try to disinfect all computers in the network before rebooting any of them, or unplug the network cables.
If you are running Windows 95/98/Me you will have to apply the following patch provided by Microsoft to stop the virus from using the Share Level Password vulnerability.
ANALYZED BY:
Sorin Victor Dudea BitDefender Virus Researcher |
|
|
 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
:: AntiVirus Search :: |
|
|
|
|
|
|
|
|
|
|
|
|
 |
|
/spacer.gif){kind=spacer}
