Summary

| How it spreads | |
|---|---|
| Affected operating systems | Windows |
| Characteristics | |
| Protection available since | 14 December 2004 21:35:55 (GMT) |
| Detected by | All Sophos products |
Action

Please follow the instructions for removing worms.
Windows NT/2000/XP/2003
In Windows NT/2000/XP/2003 you will also need to edit the following registry entries. The removal of these entries is optional in Windows 95/98/Me. Please read the warning about editing the registry.
At the taskbar, click Start|Run. Type 'Regedit' and press Return. The registry editor opens.
Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.
Locate the HKEY_LOCAL_MACHINE entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
<5 random letters>
<path to worm EXE in system folder>
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
<5 random letters>
<path to worm EXE in system32 folder>
and delete them if they exist.
Close the registry editor.
More Information
W32/Beaker-A is a mass-mailing worm for the Windows platform.
As a payload, W32/Beaker-A will overwrite several files with a tag reading:
-=breaKer_cUk-
When run, W32/Beaker-A will copy itself to several folders including the system and system32 folders in the Windows folder. In order to run automatically each time a user logs in, W32/Beaker-A will set the following registry entries:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
<5 random letters>
<path to worm EXE in system folder>
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
<5 random letters>
<path to worm EXE in system32 folder>
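The Run-key pattern described here and in the removal steps (a value named with five letters whose data points to an EXE in the system or system32 folder) can be checked for in saved `reg query` output. The following is an added example, not Sophos code; the function names and the sample entries are constructed for illustration, and any hit is only a candidate for manual review.

```python
import ntpath
import re

# Constructed sample of the output of:
#   reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SoundMan    REG_SZ    C:\WINDOWS\SOUNDMAN.EXE
    qzkvb    REG_SZ    C:\WINDOWS\system32\xhwpd.exe
    Mtrnw    REG_SZ    "C:\WINDOWS\system\mtrnw.exe"
    Skype    REG_SZ    "C:\Program Files\Skype\Phone\Skype.exe" /nosplash
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
"""

# reg query prints: <indent><name><4 spaces><type><4 spaces><data>
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")
FIVE_LETTERS = re.compile(r"[A-Za-z]{5}")


def exe_path(data):
    """Return the executable path from a Run value, without quotes or arguments."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.exe)\b", data, re.IGNORECASE)
    return m.group(1) if m else data


def suspicious_run_values(reg_query_output):
    """List (name, path) pairs that match the pattern described above."""
    hits = []
    for line in reg_query_output.splitlines():
        m = VALUE_LINE.match(line)
        if not m:
            continue  # key header or blank line
        path = exe_path(m["data"])
        # ntpath parses Windows paths on any platform
        folder = ntpath.basename(ntpath.dirname(path)).lower()
        if (FIVE_LETTERS.fullmatch(m["name"])
                and path.lower().endswith(".exe")
                and folder in ("system", "system32")):
            hits.append((m["name"], path))
    return hits


if __name__ == "__main__":
    for name, path in suspicious_run_values(SAMPLE):
        print(f"review: {name} -> {path}")
```

Five-letter value names also occur legitimately, so the folder and extension checks are what narrow the result; confirm each hit before deleting the value.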
W32/Beaker-A spreads by sending a ZIP copy of itself to email addresses found on the infected computer.
The email sent by W32/Beaker-A has characteristics chosen from the following lists.
Subject line:
Re:FW:Es ist unm glich, es soviel ...:P zu sein, es zu sehen
Re:FW:Besserer Idiot des Jahres, um es zu sehen
Re:FW:Die schlechtere Sache des Jahres, um es zu sehen
Re:FW:Was wir immer ... wollten:), um es zu sehen
Re:FW:Weil das wert ist, es zu sehen
Re:FW:Es gibt kein Leben ohne Tod ...: (, um es zu sehen
Re:FW:Preis!:D, um es zu sehen
Re:FW:Hilfe bitte!:), um es zu sehen
Re:FW:Besser Witz des Jahres:), um es zu sehen
Re:FW:Besseres Foto des Jahres;), um es zu sehen
Re:FW: impossyvel su-lo tanto... :P, vu-lo
Re:FW:O mas idiota, vu-lo
Re:FW:O pior do ano, vu-lo
Re:FW:O que sempre quisemos... :). vu-lo
Re:FW:Pois vale. vu-lo
Re:FW:Nuo hs vida sem morte... :(, vu-lo
Re:FW:Prumio!!!! :D, vu-lo
Re:FW:Ajuda a ajudar-te... :), vu-lo
Re:FW:Melhor anedota do ano :),vu-lo
Re:FW:Melhor Foto do ano ;), vu-lo
Re:FW:impossibile a sia tanto... :P, vederlo
Re:FW:Idiot migliore dell'anno, vederlo
Re:FW:La cosa pi?ettosa dell'anno, vederla
Re:FW:Che cosa abbiamo desiderato sempre... :), vederli
Re:FW:(none)
Re:FW:Non ci vita senza morte... :(, vederla
Re:FW:Premio! :D, vederlo
Re:FW:Sussidio per favore! :), per vederlo
Re:FW:Scherzo migliore dell'anno:), per vederlo
Re:FW:Foto migliore dell'anno;), per vederla
Re:FW:It is impossible to be it as much... :P, to see it
Re:FW:Better idiot of the year, to see it
Re:FW:The worse thing of the year, to see it
Re:FW:What we always wanted...:), to see it
Re:FW:Because it is worth ,to see it
Re:FW:There is no life without death... :(, to see it
Re:FW:Prize! :D, to see it
Re:FW:Aid please! :), to see it
Re:FW:Better joke of the year:), to see it
Re:FW:Better Photo of the year;), to see it
Re:FW:Il est impossible d' tre cela tant de ...:P, le voir
Re:FW:Le meilleur idiot de l'annue, pour le voir
Re:FW:La chose plus mauvaise de l'annue, pour le voir
Re:FW:Ce que nous voulions toujours... :), pour le voir
Re:FW:Parce qu'il vaut, le voir
Re:FW:Il n'y a aucune vie sans mort... : (, pour le voir
Re:FW:Prix! :D, pour le voir
Re:FW:Aide s'il vous plait! :), pour le voir
Re:FW:Mieux plaisanterie de l'annue :), pour le voir
Re:FW:Meilleure Photo de l'annue;), pour le voir
Re:FW:Es imposible serlo tanto... :P, miralo
Re:FW:Mejor chorrada del a o, miralo
Re:FW:Lo peor del a o, miralo
Re:FW:Lo que siempre quisimos... :). miralo
Re:FW:Pues vale. miralo
Re:FW:No hay vida sin muerte... :(, miralo
Re:FW:Premio!!!! :D, miralo
Re:FW:Ayudame a ayudarte... :), miralo
Re:FW:Mejor chiste del a o :),miralo
Re:FW:Mejor Foto del a o ;), miralo
Message text:
Kaspersky-Antivirus.
Kein Virus Gefundenes
State:Ok

Symantec-Antivirus.
Noo Vyrus.
State:Ok

Symantec-Antivirus.
Nessun Virus Found.
State:Ok

Kaspersky-Antivirus.
No Virus Found.
State:Ok

F-Secure-Antivirus.
Aucun Virus Constat
State:Ok

Panda ActiveScan-Antivirus.
No se encontraron virus.
Estado:Ok
Attached filename:
Eskannnichtsein.zip
Kielraum2004.zip
Schlechter2004.zip
Daswarniewie das.zip
tatAutos.zip
Heiligtum.zip
ck.zip
Witz2004.zip
Foto2004.zip
opodeser.zip
tonto2004.zip
pior2004.zip
nuncafoiassim.zip
explodecarros.zip
metocou.zip
felicidade.zip
anedota2004.zip
foto2004.zip
stupido2004.zip
Peggiore2004.zip
utilizzadelleautomobili.zip
Santuario.zip
L'hotoccato.zip
Scherzo2004.zip
Itcannotbe.zip
Bilge2004.zip
Worse2004.zip
Itwasneverlikethat.zip
exploitscars.zip
Sanctuary.zip
Ihavetouched it.zip
Happiness.zip
Joke2004.zip
photo2004.zip
Renflement2004.zip
Plusmauvais2004.zip
Exploitedesvoitures.zip
Sanctuaire.zip
Bonheur.zip
Plaisanterie2004.zip
Photo2004.zip
nopuedeser.zip
pegote2004.zip
peor2004.zip
jamasfueasi.zip
rebientacoches.zip
santuario.zip
mehatocado.zip
felicidad.zip
chiste2004.zip
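The three lists above share traits that a mail filter can test without enumerating every entry: a subject beginning "Re:FW:", a body imitating an anti-virus "scanned clean" footer, and a ZIP attachment. The following is an added example, not Sophos code; the function names, trait labels and both test messages are constructed for illustration.

```python
import re
from email.message import EmailMessage

# Footer shape from the message-text list: "<vendor>-Antivirus." then "State:Ok"/"Estado:Ok"
AV_LINE = re.compile(r"^.+-Antivirus\.\s*$", re.MULTILINE)
STATE_LINE = re.compile(r"^(State|Estado):Ok\s*$", re.MULTILINE)


def beaker_traits(msg):
    """Return which of the three listed traits a parsed message shows."""
    traits = set()
    if (msg["Subject"] or "").startswith("Re:FW:"):
        traits.add("subject-prefix")
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    if AV_LINE.search(text) and STATE_LINE.search(text):
        traits.add("fake-av-footer")
    names = [part.get_filename() or "" for part in msg.iter_attachments()]
    if names and all(n.lower().endswith(".zip") for n in names):
        traits.add("zip-attachment")
    return traits


def build(subject, text, filename, subtype):
    """Construct a test message; the attachment bytes are an inert placeholder."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content(text)
    msg.add_attachment(b"\x00" * 8, maintype="application",
                       subtype=subtype, filename=filename)
    return msg


# Constructed messages: one built from entries in the lists above, one ordinary forward
SUSPECT = build("Re:FW:Better joke of the year:), to see it",
                "Kaspersky-Antivirus.\nNo Virus Found.\nState:Ok\n",
                "Joke2004.zip", "zip")
BENIGN = build("RE: FW: meeting minutes", "Minutes attached.\n",
               "minutes.pdf", "pdf")

if __name__ == "__main__":
    for label, message in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, sorted(beaker_traits(message)))
```

Each trait alone is weak evidence; a message showing all three is the combination worth quarantining for review.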
