4 October 2002
W32/Bugbear-A FAQ
1. How do I get rid of W32/Bugbear-A?
See the W32/Bugbear-A disinfection instructions. If you have any problems removing W32/Bugbear-A, contact technical support.
2. What systems are affected?
- Windows 95/98/Me and Windows 2000/XP can become infected.
- Windows NT, Macintoshes and other platforms cannot become infected. If a W32/Bugbear-A file is found on one of them, it has been placed there by an infected computer.
3. Why doesn't the W32/Bugbear-A cleaner program run on Windows NT?
W32/Bugbear-A doesn't infect Windows NT. You should remove W32/Bugbear-A files placed on Windows NT computers with Sophos Anti-Virus.
4. How did my computer become infected?
W32/Bugbear-A arrives as an email attachment with a double file extension - .EXE, .SCR or .PIF. The filename itself may be anything, as may the subject line and body text of the email. On a network, the W32/Bugbear-A worm can also copy itself to your computer from another infected computer, so your computer can become infected without having received an infected email.
5. Why are my printers printing out garbage?
W32/Bugbear-A attempts to copy itself to any available network resource, which can include printers. Printers cannot become infected, but they may start to print out the worm's code. This will waste a lot of paper.
6. How do I stop it printing?
Turn the printer off and on again. If it resumes printing out the worm code, then switch it off. You may have to clean all computers before switching your printers on again.
If you can see the print queue for the network printer, try to clear out all outstanding jobs. If you can't, or if that doesn't work, contact your IT department.
7. What will it do to my credit card?
W32/Bugbear-A may record keystrokes entered into your computer and may then send the details to a remote encrypted email address. If you are worried that this may have happened, contact your bank directly.
The username and password for your internet account may also have been sent and should be changed.
8. How do I prevent my computer from becoming infected by similar things in the future?
- A Microsoft security patch prevents W32/Bugbear-A and similar viruses from running automatically when viewed. If you are a home user, consider visiting windowsupdate.microsoft.com to ensure you are running all of the latest security patches from Microsoft.
- Follow safe computing practices.
- The threat reduction facilities in MailMonitor for SMTP can be configured to automatically quarantine emails sent by W32/Bugbear-A and similar viruses.
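
A filename check of the kind a mail gateway could apply to the attachments described in question 4, added here as an example; it is not Sophos code or MailMonitor configuration. It assumes "double file extension" means a name whose last extension is .EXE, .SCR or .PIF with another extension in front of it; the function names, the inner-extension rule and the sample message are constructed for illustration.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Final extensions the FAQ names for W32/Bugbear-A attachments.
EXECUTABLE_EXTS = {"exe", "scr", "pif"}

def has_double_executable_extension(filename):
    """True for names like 'photo.jpg.scr': an inner extension plus an executable one."""
    # Windows ignores trailing dots and spaces, so drop them before splitting.
    name = filename.strip().rstrip(". ").lower()
    # Keep only the last path component in case a path was supplied.
    name = name.replace("\\", "/").rsplit("/", 1)[-1]
    # Padding such as 'resume.doc      .exe' hides the real extension in some UIs.
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 3 or not parts[0]:
        return False
    inner, final = parts[-2], parts[-1]
    if final not in EXECUTABLE_EXTS:
        return False
    # Assumed rule: the inner part must look like an extension (short, not a
    # bare version number), so 'v1.2.exe' is not flagged as a double extension.
    return bool(re.fullmatch(r"[a-z0-9]{1,4}", inner)) and not inner.isdigit()

def suspicious_attachments(raw_message):
    """Return the attachment filenames in a raw RFC 5322 message that match."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.walk():
        filename = part.get_filename()  # None for parts without a filename
        if filename and has_double_executable_extension(filename):
            flagged.append(filename)
    return flagged

def build_sample(filename):
    """Constructed test message with a harmless placeholder attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("body text")
    msg.add_attachment(b"placeholder bytes", maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    for name in ("photo.jpg.scr", "setup.exe", "notes.txt"):
        print(name, "->", suspicious_attachments(build_sample(name)))
```

Because the FAQ notes that the filename, subject and body may be anything, the check keys only on the extension pattern and would be one input to a quarantine decision rather than a replacement for anti-virus scanning.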

