How do you know if you've got BugBear virus?
Thread Starter
Scooby Regular
Joined: Oct 2000
Posts: 11,217
Likes: 0
From: Does it matter?
Don't think I've got it, but just being a bit wary...
What are the symtpoms etc?
Is it wirth running the bugbear antidote (from Norton) just in case, or will it screw up my PC?
TIV
Dan
What are the symtpoms etc?
Is it wirth running the bugbear antidote (from Norton) just in case, or will it screw up my PC?
TIV
Dan
Scooby Regular
Joined: Oct 1998
Posts: 4,891
Likes: 0
From: London
Scooby Regular
Joined: Apr 1998
Posts: 1,864
Likes: 0
For those that haven't checked it out yet....
The symptoms are
Port 36794 TCP open
Existence of the following files (* represents any character):
%WinDir%\System\****.EXE (50,688 or 50,684 bytes)
%WinDir%\******.DAT
%WinDir%\******.DAT
%WinDir%\System\******.DLL
%WinDir%\System\*******.DLL
%WinDir%\System\*******.DLL
Large Print jobs sent to network printers. The full printout caused by a copy of the worm in the printer queue can take about 500 pages. They are mostly blank with only one-two lines of random symbols on each page. The very first page starts with "MZ" followed by about 18 funny symbols and a string "=!This program cannot be run in DOS mode". Another visible printed string close to the beginning is "Rich5".
The symptoms are
Port 36794 TCP open
Existence of the following files (* represents any character):
%WinDir%\System\****.EXE (50,688 or 50,684 bytes)
%WinDir%\******.DAT
%WinDir%\******.DAT
%WinDir%\System\******.DLL
%WinDir%\System\*******.DLL
%WinDir%\System\*******.DLL
Large Print jobs sent to network printers. The full printout caused by a copy of the worm in the printer queue can take about 500 pages. They are mostly blank with only one-two lines of random symbols on each page. The very first page starts with "MZ" followed by about 18 funny symbols and a string "=!This program cannot be run in DOS mode". Another visible printed string close to the beginning is "Rich5".
Trending Topics
Scooby Regular
Joined: Aug 2001
Posts: 2,474
Likes: 0
From: Republic Of Mancunia
I've had it. E-Mail wasnt working on of the PCs at work, went to see, and was totally baffled. Whilst checking the normal stuff, noticed Norton wasnt running. So I started it, and a few seconds later, it closed itself, repeat 2 or 3 times before I got suspicious and checked the symantec site.
Recieved it in e-mail 5 times now, and all 5 were from computery related websites, most from aspsql.com and one from someone claiming to be something to do with internic.
Recieved it in e-mail 5 times now, and all 5 were from computery related websites, most from aspsql.com and one from someone claiming to be something to do with internic.
Scooby Regular
Joined: Apr 2002
Posts: 9,196
Likes: 0
From: Birmingham
We've had it attempt to come into our work premises. Luckily all our email is screened at the ISP, and they use 3 virus scanners + they're own heuristic one. Bit worrying tho if that had got to one of the "less pc literate" users and managed to disable the desktop AV.
Andy
Andy
Thread
Thread Starter
Forum
Replies
Last Post