Virus Database

I-Worm.Bagle.a

Description I-Worm.Bagle.a
This worm spreads via the Internet in an attachment to infected emails.
The worm itself is a Window PE EXE file of approximately 15KB.
Messages sent by the worm have the following characteristics:
From:
random sender
Subject:
Hi
Body:
Test =)
Signature:
Test, yep
Attach:
random name
Installation
The worm is activated only if a user clicks on the attached file. When installing, the worm copies itself to the system directory under the name 'bbeagle.exe' and registers this file in the system registry auto-run key:
[HKLMSOFTWAREMicrosoftWindowsCurrentVersionRun]
"d3dupdate.exe" = "%system%beagle.exe"
The worm will also run the Windows application calc.exe.
The worm attempts to connect to several remote sites relating to TrojanProxy.Win32.Mitglieder.
Replication
The worm looks for files with the extensions wab, txt, htm, html, r1 and scans them for email-like text strings, then sends infected messages to the email addresses found.
The worm uses an SMTP engine to send infected messages.
Backdoor function
The worm opens port 6777 to listen for commands. The backdoor function allows the attacker to download files and execute commands on the infected computer.
Other
If the system date is later than 28th January 2004, the worm will not have any effect.

Check other viruses! Be aware! Use Antiviral Software

Gorilla

Description Gorilla

This is a dangerous, memory resident boot virus. It hooks INT 13h, and writes itself to the boot sectors of floppy disks and to the MBR of the hard drive. It infects floppy drives that are accessed, and writes itself to the MBR sector upon loading from an infected floppy disk. In September, the virus erases the CMOS memory.

Gorinich.776

Description Gorinich.776

It is a harmless memory resident parasitic virus. It hooks INT 21h and writes itself to the end of COM- and EXE-files that are executed. It contains partly encrypted text string:
Zmey Gorinich v0.04 RAU

Home