Virus Database

I-Worm.Newbiero

Description I-Worm.Newbiero

Newbiero is a worm virus spreading through local area networks. This worm has a backdoor routine that allows a 'master' (the person controlling the worm) to monitor infected machines.
The worm itself is a Windows PE EXE file about 160Kb in size, written in Microsoft Visual C++.
When run the worm installs itself into the system, copies itself to the Windows system directory with a random name (for example, AGCMJL.EXE or CBICAR.EXE) and registers this file in the system registry auto-run key:
HKLMSoftwareMicrosoftWindowsCurrentVersionRun
Microsoft Diagnostic = %worm random EXE name%
Newbiero then deletes its original EXE file (from where it was run).
The worm also creates the MSSE.INI file in the Windows system directory and uses this file as an infection flag while spreading through the local area network.
Spreading
To infect the local network the worm scans local network IP addresses and tries to connect to machines it finds by mapping the hard drives. If a successful connection occurs the worm copies itself the hard drive with the name:
WINDOWSStart MenuProgramsStartUpmssg.exe
If Windows is installed in a directory with a different name, the infection procedure fails to spread the worm.
Backdoor
The backdoor routine provides remote control to:

download to the infected machine other EXE files and run them
run local EXE files
exit Windows, reboot the machine, logoff users
perform DoS (Denial of Service) attacks, thus the worm has DDoS ability
report RAS information from the affected machine (logins and passwords)
Additional Information
The worm tries to terminate the following firewalls:
Sygate Personal Firewall
Tiny Personal Firewall
ZoneAlarm Pro
ZoneAlarm
If the "c:logging.ini" file contains any content the worm creates .log files where it writes different reports about its actions. Such .log files are:

c:logsmisc.log
c:logsIPreport.log
c:logsips.log
c:logs ecived.log
c:logsyey.ini
c:logsscan.log
c:logsinfections.log
c:logsservmsg.log
c:logsFetchreport.log
c:logsopt.abc
c:logsabc.cba
c:online.log

Check other viruses! Be aware! Use Antiviral Software

99percents

Description 99percents

It is a very dangerous nonmemory resident encrypted parasitic virus. It searches for .EXE files and writes itself to the end of the file. On November, 11th it overwrites the files with the program that displays when that file is executed:
Het 99%-virus heeft toegeslagen. . .
!This is my revenge E.V !
Originally released 6 April '92

A&A.506

Description A&A.506

It's a memory resident not dangerous virus. It hooks INT 21h, 28h and infects COM-files only. It manifests itself by a video effect.

Home