I had a few Windows 98 workstations infected by Bugbear. Strange as it may appear, the ***.exe file it creates...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
in Windows Startup can appear and disappear. I am fortunate that 'Stinger' by McAfee Avert was able to delete the other ***.exe file in the System folder. Given this behavior, would you say that Bugbear has stealth capabilities?
No, Bugbear does not have a stealth mode, but I think your answer is simple. First off, check and delete the following registry key on all your systems:
- Click Start, and click Run. The Run dialog box appears.
- Type regedit and then click OK. The Registry Editor opens.
- Navigate to this key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
- Next, disconnect each from the network (yes, unplug the network cable), boot each in safe mode and scan with the most recent antivirus definition.
I think the issue is that you keep getting re-infected with Bugbear, thus it looks like it is gone and re-appears.
Also, word of caution. Using the Registry editor can do severe damage to your computers. Be very careful.
For more information on this topic, visit these other SearchSecurity.com resources:
Featured Topic: Virus alert -- Bugbear
News & Analysis: Guard against Bugbear using these tips
Infosec Know IT All Trivia: Virus prevention
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.