Q

Bugbear's disappearing act

I had a few Windows 98 workstations infected by Bugbear. Strange as it may appear, the ***.exe file it creates in Windows Startup can appear and disappear. I am fortunate that 'Stinger' by McAfee Avert was able to delete the other ***.exe file in the System folder. Given this behavior, would you say that Bugbear has stealth capabilities?


No, Bugbear does not have a stealth mode, but I think your answer is simple. First off, check and delete the following registry key on all your systems:

  1. Click Start, and click Run. The Run dialog box appears.
  2. Type regedit and then click OK. The Registry Editor opens.
  3. Navigate to this key:
     HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
  4. Next, disconnect each from the network (yes, unplug the network cable), boot each in safe mode and scan with the most recent antivirus definition.

I think the issue is that you keep getting re-infected with Bugbear, thus it looks like it is gone and re-appears.

Also, a word of caution. Using the Registry editor can do severe damage to your computers. Be very careful.
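An added example, not part of the original answer: one way to check the reinfection explanation is to export the registry from Registry Editor before deleting the key and again after the next reboot, then compare the RunOnce entries in the two text exports. The sketch below parses the REGEDIT4 export format and reports entries that came back; the value names and paths in the sample exports are constructed.

```python
import re

# Key named in the answer above.
RUNONCE = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce"
# "name"="data" string values; \\ and \" are the escapes used in .reg files.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text, key=RUNONCE):
    """Return {value_name: data} for string values under `key` in a REGEDIT4 export."""
    values, in_key = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            in_key = line[1:-1].lower() == key.lower()  # key names are case-insensitive
        elif in_key:
            m = VALUE_RE.match(line)
            if m:
                values[unescape(m.group(1))] = unescape(m.group(2))
    return values

def compare_exports(before_cleanup, after_reboot):
    """Split RunOnce entries found after reboot into ones that came back and new ones."""
    old, new = parse_reg(before_cleanup), parse_reg(after_reboot)
    result = {"reappeared": [], "new": []}
    for name, data in sorted(new.items()):
        same = name in old and old[name].lower() == data.lower()
        result["reappeared" if same else "new"].append((name, data))
    return result

# Constructed sample exports (hypothetical value names and paths).
BEFORE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"sample1"="C:\\WINDOWS\\SYSTEM\\sample1.exe"
'''
AFTER = BEFORE + r'"sample2"="C:\\WINDOWS\\SYSTEM\\sample2.exe"' + "\n"

if __name__ == "__main__":
    for kind, entries in compare_exports(BEFORE, AFTER).items():
        for name, data in entries:
            print(f"{kind}: {name} -> {data}")
```

An entry listed as reappeared on a machine that stayed unplugged from the network points to a local source rather than reinfection from another workstation.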



This was first published in October 2002
