Forums
New posts
Articles
Product Reviews
Policies
FAQ
Log in
Register
What's new
Search
Search
Search titles only
By:
New posts
Menu
Log in
Register
Install the app
Install
Forums
Community Information Center
News and Community Announcements
Beagle Virus
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Reply to thread
Message
<blockquote data-quote="witeshark" data-source="post: 26500" data-attributes="member: 3865"><p><span style="font-size: 10px"><span style="color: blue">For PC users:</span></span></p><p><span style="font-size: 10px"><span style="color: blue">Copies itself as %System%\sysinfo.exe.</span></span></p><p><span style="font-size: 10px"><span style="color: blue">Note: %System% is a variable. The worm locates the System folder and copies itself to that location. By default, this is C<img src="/mac_images/images/smilies/Undecided.png" class="smilie" loading="lazy" alt=":\" title="Undecided :\" data-shortname=":\" />Windows\System (Windows 95/98/Me), C<img src="/mac_images/images/smilies/Undecided.png" class="smilie" loading="lazy" alt=":\" title="Undecided :\" data-shortname=":\" />Winnt\System32 (Windows NT/2000), or C<img src="/mac_images/images/smilies/Undecided.png" class="smilie" loading="lazy" alt=":\" title="Undecided :\" data-shortname=":\" />Windows\System32 (Windows XP).</span></span></p><p><span style="font-size: 10px"><span style="color: blue">Adds the value:</span></span></p><p><span style="font-size: 10px"><span style="color: blue">"sysinfo.exe"="%System%\sysinfo.exe"</span></span></p><p><span style="font-size: 10px"><span style="color: blue">to the registry key:</span></span></p><p><span style="font-size: 10px"><span style="color: blue">HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run</span></span></p><p><span style="font-size: 10px"><span style="color: blue">so that the worm runs when you start Windows.</span></span></p><p><span style="font-size: 10px"><span style="color: blue">Creates the key:</span></span></p><p><span style="font-size: 10px"><span style="color: blue">HKEY_CURRENT_USER\SOFTWARE\Windows2005</span></span></p><p><span style="font-size: 10px"><span style="color: blue">Opens a backdoor on TCP port 4751, which allows for file downloading and execution.</span></span></p><p><span style="font-size: 10px"><span style="color: blue">Attempts to execute Dredr.exe, if the file is present on an infected computer.</span></span></p><p><span style="font-size: 10px"><span style="color: blue">Attempts to notify a predetermined Web server of the infection</span></span></p><p><span style="font-size: 10px"><span style="color: blue">Note: If the system clock's year is 2005 or later, this function will not occur.</span></span></p><p><span style="font-size: 10px"><span style="color: blue"></span></span></p></blockquote><p></p>
[QUOTE="witeshark, post: 26500, member: 3865"] [size=2][color=blue]For PC users: Copies itself as %System%\sysinfo.exe. Note: %System% is a variable. The worm locates the System folder and copies itself to that location. By default, this is C:\Windows\System (Windows 95/98/Me), C:\Winnt\System32 (Windows NT/2000), or C:\Windows\System32 (Windows XP). Adds the value: "sysinfo.exe"="%System%\sysinfo.exe" to the registry key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run so that the worm runs when you start Windows. Creates the key: HKEY_CURRENT_USER\SOFTWARE\Windows2005 Opens a backdoor on TCP port 4751, which allows for file downloading and execution. Attempts to execute Dredr.exe, if the file is present on an infected computer. Attempts to notify a predetermined Web server of the infection Note: If the system clock's year is 2005 or later, this function will not occur. [/color][/size] [/QUOTE]
Verification
Post reply
Forums
Community Information Center
News and Community Announcements
Beagle Virus
Top