Anti-Virus | AntiBugBear Removal Tool
When first executed, the worm drops a copy of itself into the %system% folder under a random file name and registers that file to run at every system startup via the HKLM\Software\Microsoft\Windows\CurrentVersion\Run key. It then modifies the key "HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\EnableAutodial" so that the default internet connection is dialed automatically.
The worm then drops three files in the %system32% folder: one is the keyboard hook DLL (detected as Trojan.Keylogger.Bugbear.B), and the other two are used to collect information about the computer.
The worm includes anti-antivirus techniques: it attempts to terminate several anti-virus and firewall products by means of the TerminateProcess API. Processes are enumerated differently on the two major Win32 platforms (using the toolhelp32 functions when supported, otherwise the psapi functions).
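As an added example (not part of the removal tool or the original page), the two registry changes described above can be checked offline against a `reg export` text file. The sample export, the `windows`/`winnt` directory names, the `baseline` allow-list and the rule "Run entry pointing at an executable directly in the system folder" are assumptions made for illustration, and the rule is a triage heuristic, not a signature.

```python
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
INET_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings"
# Assumption: an .exe sitting directly in the system folder, started from Run.
SYSTEM_EXE = re.compile(r'^"?[a-z]:\\(windows|winnt)\\system(32)?\\[^\\"]+\.exe', re.I)
# Constructed sample in "reg export" text format (not taken from a real host).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="C:\\Program Files\\Audio\\soundman.exe"
"qzxv"="C:\\WINDOWS\\system32\\qzxv.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"EnableAutodial"=dword:00000001
'''

def parse_reg_export(text):
    """Yield (key, value_name, raw_data) tuples from .reg export text."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.startswith('"'):
            m = re.match(r'"((?:[^"\\]|\\.)*)"=(.*)$', line)
            if m:
                yield key, m.group(1), m.group(2)

def unescape(raw):
    """Strip the quotes and .reg backslash escaping from a string value."""
    return re.sub(r"\\(.)", r"\1", raw[1:-1]) if raw.startswith('"') else raw

def find_indicators(text, baseline=()):
    """Return findings for the Run-key and EnableAutodial changes."""
    findings = []
    known = {n.lower() for n in baseline}  # value names known to be legitimate
    for key, name, raw in parse_reg_export(text):
        if key.lower() == RUN_KEY.lower():
            target = unescape(raw)
            if SYSTEM_EXE.match(target) and name.lower() not in known:
                findings.append(("run-entry-in-system-folder", name, target))
        elif key.lower() == INET_KEY.lower() and name.lower() == "enableautodial":
            if raw.lower().startswith("dword:") and int(raw[6:], 16) != 0:
                findings.append(("autodial-enabled", name, raw))
    return findings

if __name__ == "__main__":
    print(*find_indicators(SAMPLE_EXPORT), sep="\n")
```

Legitimate software also starts from the system folder, so each flagged Run entry needs to be compared against a known-good baseline before it is treated as suspicious.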