Win32.HLLM.Beagle.32256

Added to the Dr.Web virus database: 2004-03-01

Virus description added: 2004-03-01

Description

Win32.HLLM.Beagle.32256[Beagle.H] is a mass-mailing worm which affects computers running under Windows 95/98/Me/NT/2000/XP operating systems.

Being executed, the worm drops its copy i11r54n4.exe to the Windows\\System folder (in Windows 9x/ME it’s C:\\Windows\\System, in Windows NT/2000 it’s C:\\WINNT\\System32, in Windows XP it’s C:\\Windows\\System32) and points to this copy in the system registry:

HKEY_LOCAL_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run
\"rate.exe\"=\"%SysDir%\\i11r54n4.exe\"
thus securing its execution at every Windows reboot. The worm also creates its own key
HKEY_CURRENT_USER\\Software\\winexe

It also places several more files to the same folder:

i1i5n1j4.exe – a dll with an exe extension, contains a system library downloading procedure

go154o.exe – a dll containing the worm’s mass-mailing procedure

i11r54n4.exeopen – a zip-archive with the randomly named worm’s executable dispatched at its mass distribution

In other details of behaviour it is very similar to Win32.HLLM.Beagle.36352.

Tecnologías

Términos

Formación y educación

Mitos