To remove W32.BeagleAG.Worm virus, you need to follow these steps:
. Download Bkav software version Bkav527 about a folder on the machine.
If you use Windows Me or XP, you must turn off the function System Restore of the operating system go.
. If your computer has installed other anti-virus programs such as NAV, McAffe must be temporary Turn off the Auto Protect function of those programs.
. Running Bkav527, Select to scan all files, all drives.
Restart computer to complete.
Some features of the W32.BeagleAG.Worm virus
Create the following Mutex to prevent some viruses from the NetSky family from being executed:
-
MuXxXxTENYKSDesignedAsTheFollowerOfSkynet-D
-
'D'r'o'p'p'e'd'S'k'y'N'e't'
-
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
-
[SkyNet.cz] SystemsMutex
-
AdmSkynetJklS003
-
____--- & gt; & gt; & gt; & gt; U & lt; & lt; & lt; & lt; --____
-
10-OX] xX-S-y-N-e-t-
Delete values with the following names:
-
My AV
-
Zone Labs Client Ex
-
9XHtProtect
-
Antivirus
-
Special Firewall Service
-
service
-
Tiny AV
-
ICQNet
-
HtProtect
-
NetDy
-
Jammer2nd
-
FirewallSvr
-
MsInfo
-
SysMonXP
-
EasyAV
-
PandaAVEngine
-
Norton Antivirus AV
-
KasperskyAVEng
-
SkynetsRevenge
-
ICQ Net
in:
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun
HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun
to prevent some other viruses from being executed when booting the operating system.
Copy itself to:
% SYS% winxp.exe
% SYS% winxp.exeopen
% SYS% winxp.exeopenopen(with % SYS% is the directory that contains the Windows system files.)
Create a value named " "and the data is" % SYS% winxp.exe "in the key:
HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun
The virus is executed every time a user starts Windows.
Close processes with the following names:
LUINIT.EXE
MCAGENT.EXE
MCUPDATE.EXE
MFW2EN.EXE
MFWENG3.02D30
EXE.MGUI.EXE
MINILOG.EXE
MOOLIVE.EXE
MRFLUX.EXE.
REGEDT32.EXE
REGEDIT.EXE
MSCONFIG.EXE
NORTON_INTERNET_SECU_3.0_407.EXE
FIREWALL.EXE
MSINFO32.EXE
MSSMMC32.EXE
MU0311AD.EXE
NAV80TRY.EXE
ZAUINST.EXE
ZONALM2601.EXE
ZONEALARM.EXE(and many other processes)
Find and retrieve email addresses in files with the following extensions:
.wb .txt .msg .htm .shtm. .stm .xm .dbx .mbx
.mdx .eml .nch .mmf .ods .cfg .asp .php .pl .wsh .adb
.tbb .sht .xls .oft .uin .cgi .mht .dhtmIgnore mail addresses that contain strings:
@microsoft
rating @
f-secur
news
update
anyone @
bugs @
contract @
feste
gold-c
erts @
help @
info @
nobody @
noone @
Casp
admin
icrosoft
support
tv
unix
linux
listserv
certific
sopho
@foo
@iana
free-av
@messagelab
winzip
winrar
samples
abuse
panda
cafee
spam
@avp.
noreply
local
root @
postmaster @The virus also finds and retrieves icons in .exe files for use.
Copy itself to the directory that the name contains 'shar' with the following names:
-
Microsoft Office 2003 Crack, Working! .exe
-
Microsoft Windows XP, WinXP Crack, working Keygen.exe
-
Microsoft Office XP working Crack, Keygen.exe
-
Porn, sex, blowjob, anal cool, awesome !!
-
Porno Screensaver.scr
-
Serials.txt.exe
-
KAV 5.0
-
Kaspersky Antivirus 5.0
-
Porno pics arhive, xxx.exe
-
Windows sourcecode update.doc.exe
-
Ahead Nero 7.exe
-
Windown Longhorn Beta Leak.exe
-
Opera 8 New! .exe
-
XXXhardcore images.exe
-
WinAmp 6 New! .exe
-
WinAmp 5 Pro Keygen CrackUpdate.exe
-
Adobe Photoshop 9 full.exe
-
Matrix 3 Revolution English Subtitles.exe
-
ACDSee 9.exe
Create and send messages with the following characteristics:
Title : Re
mail content maybe :
& gt; foto3 and MP3
& gt; fotogalary and Music
& gt; fotoinfo
& gt; Lovely animals
& gt; Animals
& gt; Predators
& gt; The snake
& gt; Screen and MusicAttachments variable size and have the following characteristics:
File name can be one of the values:
Music_MP3
New_MP3_Player
Cool_MP3
Doll
Garry
fishExtensions
.exe
.cr
.com
.zip
.cplAttachments if there is an extension .zip These are compressed files with passwords. At that point the message will have the password extracted attached. This password is drawn as an image with the original Arial font, size and color can vary.
Run a php script from some German websites:
http://www.bmgs.bund.de/o.php
http://www.gtz.de/o.php
http://www.dwelle.de/o.php
http://www.monster.de/o.php
http://www.regtp.de/o.php
http://www.stufenlos-regelbar.de/o.php
http://www.rapz-records.de/o.php
http://abtacha.wirebrain.de/o.php
http://die-cliquee.de/o.php
http://www.gantke-net.de/o.php
http://www.dar-fantasy.de/o.php
http://www.mdirk.de/o.php
http://www.calistyler.de/o.php
http://tripod.de/o.php
http://sgi1.rz.rwth-aachen.de/o.php
http://www.sysserver1.de/o.php
http://www.vwschubert.de/o.php
http://ronnyackermann.de/o.php
http://www.destatis.de/o.php
http://www.berlinonline.de/o.php
http://www.meinestadt.de/o.php
http://obechmann.de/o.php
http://www.stepstone.de/o.php
http://www.degruyter.de/o.php
http://www.lufthansa.de/o.php
http://www.duden.de/o.php
http://www.pcwelt.de/o.php
http://www.astronomie.de/o.php
http://www.abacho.de/o.php
http://www.bundesliga.de/o.php
http://www.expo2000.de/o.php
http://knecht.cs.uni-magdeburg.de/o.php
....(and many other sites)
Analyst: Nguyen Minh Anh.
Download the program Bkav2002 (Version 527) & nbsp; & nbsp; & nbsp; 301kb
