Win32/Agent.BEA
Created: 2009-09-10, 16:33:38
Endangered operating system(s): Windows 95, Windows 98, Windows Me, Windows NT, Windows 2000 all...

Non-endangered operating system(s): Windows 3.xx, DOS, Linux, Unix, Solaris all...

Naming

Different antivirus applications use different names for individual viruses and worms. Sometimes one antivirus application identifies different copies of the same malware under different names, or identifies different viruses and worms under the same name. The informative list below contains the names given to the malware by the most popular antivirus applications. The names can vary between versions of the same antivirus application.

Installation

The main purpose of viruses and worms spreading on the Internet and local networks is to infect other computers. After infection, the malware can modify the system, and its code can be launched after a reboot. For this purpose, malware usually creates files in the operating system's area and modifies the registry. As a result of this registry modification, the operating system executes the malware code as well. Besides, it may create files in other areas (directories) of the file system. Viruses and worms may also create AUTORUN.INF files in the root directories of drives. In this case, with the default settings of Windows, the malware is executed automatically once the user opens the root directory of the particular drive.

The Win32/Agent.BEA trojan creates the vmmreg32.exe file in the Windows folder (default: C:\Windows).

The Win32/Agent.BEA trojan creates the rasphone.dll file in the Windows System32 folder (default: C:\Windows\System32).

The Win32/Agent.BEA trojan creates the following entries in the registry, or modifies them if they already exist:

Backdoor

Viruses and worms more and more frequently open backdoors on the attacked computer, through which the attacker can take full control of the machine. In this case the attacker can do whatever s/he wants on the computer: run or stop programs and applications, upload or download files, steal passwords and access codes.

It connects to the s2.jorbanblack.com web page.