I just got an Alert via MSN Messenger McAfee tab about the W32/Bugbear@MM worm
W32/Bugbear@MM is rated as MEDIUM RISK FOR HOME AND CORPORATE USERS. This mass-mailing worm attempts to send itself to email addresses found on an infected system.
Once the virus is run, it will attempt to disable various security products, including many forms of anti-virus and personal firewall protection. It will also attempt to install a backdoor trojan that can capture what the user types, including sensitive information such as passwords.
This virus spreads via email and via network shares. It makes use of the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability in Microsoft Internet Explorer (v 5.01 or 5.5 without SP2).
Simply opening or previewing an infected message in a vulnerable email reader can result in infection.
View: W32/Bugbear@MM Helpcenter
View: Detection and Removal steps
W32/Bugbear@MM is rated as MEDIUM RISK FOR HOME AND CORPORATE USERS. This mass-mailing worm attempts to send itself to email addresses found on an infected system.
Once the virus is run, it will attempt to disable various security products, including many forms of anti-virus and personal firewall protection. It will also attempt to install a backdoor trojan that can capture what the user types, including sensitive information such as passwords.
This virus spreads via email and via network shares. It makes use of the Incorrect MIME Header Can Cause IE to Execute E-mail Attachment vulnerability in Microsoft Internet Explorer (v 5.01 or 5.5 without SP2).
Simply opening or previewing an infected message in a vulnerable email reader can result in infection.
View: W32/Bugbear@MM Helpcenter View: Detection and Removal steps
Once a PC is infected, VirusScan may not be able to run as the virus can terminate the process before any scanning/removal is accomplished. The following steps will allow for proper VirusScan scanning/removal, by using the command-line scanner.
- Ensure that you are using the minimum DAT specified or higher.
- Close all running applications
- Disconnect the system from the network.
- Go to a command prompt, then change to the VirusScan engine directory:
- Win9x/ME - Click START | RUN, type command and hit ENTER.
Type cd progra~1common~1networ~1viruss~140~1.xx and hit ENTER. - WinNT/2K/XP - Click START | RUN, type cmd and hit ENTER.
Type cd progra~1common~1networ~1viruss~14.0.xx and hit ENTER
- Win9x/ME - Click START | RUN, type command and hit ENTER.
- Rename SCAN.EXE to CLEAN.EXE to prevent the virus from terminating the process and deleting files. Type, ren scan.exe clean.exe and hit ENTER.
- First, scan the system directory.
- Win9x/ME - Type clean.exe %windir%systemwin*.exe and hit ENTER.
- WinNT/2K/XP - Type clean.exe %windir%system32win*.exe and hit ENTER.
- Once the scan has completed, Type clean.exe /adl /clean and hit ENTER.
- Rename scan.exe. Type, ren clean.exe scan.exe and hit ENTER.
- After scanning and removal is complete, reboot the system
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.