high
Summary
Summary
Action- More Information
| How it spreads |
|
|---|---|
| Affected operating systems | Windows |
| Characteristics |
|
| Included in our products from | September 2006 (4.09) |
| Protection available since | 14 July 2006 13:20:42 (GMT) |
| Detected by | All Sophos products |
Action
- Summary
- Action
- More Information
Please follow the instructions for removing worms.
More Information
W32/VB-BZR is a peer-to-peer worm for the Windows platform. The worm also has keylogging functionality.
When first run W32/VB-BZR copies itself to:
<Startup>\Microsoft Common Items.exe
<Windows>\KjWallpaper.mxm
<System>\WinFolder.mxm
<System>\MstaskService.exe
<System>\SystemKernelFile.exe
W32/VB-BZR copies itself to the root of all available drives with a filename selected randomly from the following:
Fine Pictures.exe
WINFOLDER.exe
Office Documents.exe
Private Pictures.exe
Pictures.exe
Music Folder.exe
eBooks.exe
Network Folder.exe
Microsoft Common Shared Files.exe
Funny Jokes.exe
New Folder.exe
Text Files.exe
WinAmp Files.exe
PowerPoint Documents.exe
Project Report(s).exe
Unread Emails.exe
Picture Collection.exe
Wallpapers.exe
My Documents.exe
Backup Folder.exe
Game Folder.exe
Received Pictures.exe
Downloads.exe
Briefcase Documets.exe
Chernobyl April 26.exe
Folder.exe
Desktop.exe
Important Letters.exe
Shared Folder.exe
Shared Documets.exe
README.exe
My Shared Documents.exe
Common Files.exe
Zipped Folder.exe
Wma Files.exe
W32/VB-BZR also tries to copy itself to the shared folder of peer-to-peer applications with a filename selected from one of the following at random:
Hot+Fun+BeachBabes Flash Game.exe
Saddams Birthday Video [Flash Movie].exe
www.VirtualGirl.com Serial Key Generator + Patch.exe
Adult PACMAN 2 Game [FULL].exe
WinRAR Working Patch.exe
Google Earth Pro FULL Regestry Patch.exe
Folder Locker Setup 2.01 [FULL Patched].exe
Winzip 10.00 + WinRAR 5.1 + WinAce 7.00 ALL in ONE Ultimate Patch [From CoRe]
Macfee + Norton AntiVirus GoLive Regestry Patch.reg.exe
Internet Explorer + Mozilla Firefox Parental Adult Passsword Filter Remover .exe
Women's Tennis Goes Nude [Flash Game].exe
Hottest Blog on Pornography Sex Icons [Advisory].txt.exe
Blog on LSD,Marijuana,Hashish,Drugs Making.html.exe
Nokia,Samsung,Sony Mobile Hacks Secret unlock codes CHEATBOOK [FULL].msi.exe
DivX JetAudio All Version Working Patch.exe
Wallpaper Collection.exe
Default folder .exe
Common Wallpapers.exe
ScreenSaver.exe
More Info.exe
Updated Downloads.exe
Shared Files.exe
Text Files.exe
UPDATE.exe
Folder.exe
Pictures.exe
W32/VB-BZR may attempt to disable the registry editor and task manager, and may create registry entries under the following:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
|
