W32/Bajar-B

Discussion in 'malware problems & news' started by FanJ, Jul 4, 2002.

Thread Status:
Not open for further replies.
  1. FanJ

    FanJ Guest

    Name: W32/Bajar-B
    Aliases: W32.ZVM@mm, VBS.ZVM@mm, VBS.Bajar.B@mm
    Type: Win32 worm
    Date: 4 July 2002


    At the time of writing Sophos has received no reports from users
    affected by this worm. However, we have issued this advisory
    following enquiries to our support department from customers.

    Note: This IDE file detects W32/Bajar-B and W32/Bajar-A

    More information about W32/Bajar-B can be found at
    http://www.sophos.com/virusinfo/analyses/w32bajarb.html
     
  2. FanJ

    FanJ Guest

    W32/Bajar-B is a mass mailing worm that emails itself to all entries in all Windows address books. It arrives in an email with the following characteristics:

    Subject line: Nuevo programa para bajar musica gratis
    Message body: con este programa vas a poder bajar cualquier tipo de musica las mejores canciones

    The attached filename can be anything.

    On execution W32/Bajar-B displays a message box containing the text "Instalando ZVmusic".

    The worm checks the registry entry HKCU\Software\mp3_sent and if it is not set to "yea" then it makes it so and executes its mass mailing routine.

    Finally W32/Bajar-B deletes:
    C:\windows\rundll.exe
    C:\windows\system\vshield.vxd
    C:\autoexec.bat
    C:\windows\regedit.exe
    C:\windows\regedit.com
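
Added example, not part of the original posts or of the Sophos advisory: a mail-gateway style check for the message characteristics listed above. Because the attached filename can be anything, it keys on the subject and body and only requires that some attachment is present. The case, accent and whitespace tolerance, the function names and the sample messages are assumptions of this example.

```python
import email
import unicodedata
from email import policy
from email.message import EmailMessage

# Indicators copied from the advisory text in the post above.
SUBJECT = "Nuevo programa para bajar musica gratis"
BODY = ("con este programa vas a poder bajar cualquier tipo de musica "
        "las mejores canciones")

def _norm(text):
    """Lower-case, strip accents and collapse whitespace (assumed tolerance)."""
    text = unicodedata.normalize("NFKD", str(text or ""))
    text = "".join(c for c in text if not unicodedata.combining(c))
    return " ".join(text.lower().split())

def matches_bajar_b(raw_bytes):
    """True if a raw message has the described subject, body and an attachment."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    # policy.default decodes RFC 2047 encoded-word subjects before we compare.
    if _norm(msg["Subject"]) != _norm(SUBJECT):
        return False
    # The attachment name can be anything, so only require that one is present.
    if next(msg.iter_attachments(), None) is None:
        return False
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part is not None else ""
    return _norm(BODY) in _norm(body)

def build_sample(subject, body, attachment_name=None):
    """Construct a test message; all values here are made up for the example."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment_name:
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application", subtype="octet-stream",
                           filename=attachment_name)
    return msg.as_bytes()

if __name__ == "__main__":
    # Two constructed attachment names: the verdict does not depend on the name.
    for name in ("setup.exe", "zz.pif"):
        print(name, matches_bajar_b(build_sample(SUBJECT, BODY, name)))
```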
     