Main Menu
Home
Bookmark
Contact Us



 
Win32.Bee Viruses Information

Name: Win32.Bee
Category: Viruses
Description: Details
Win32.Beef

It is a harmless memory resident parasitic Win32 virus. It stays in Windows memory and infects PE EXE files (Win32 executable files) that are being opened. While infecting the virus writes itself to the end of the file.
When the virus is run for the first time, it infects the EXPLORER.EXE file in Windows directory. Because EXPLORER.EXE file is active and locked by Windows for writing, the virus uses a standard trick to avoid that. It copies EXPLORER.EXE to BEEFREE.SYS file and infects it. Then the virus creates the WININIT.INI file with "rename" command in there that will replace original EXPLORER.EXE with its infected copy one next Windows restart.
When Windows is run with infected EXPLORER.EXE, the virus gets access to KERNEL32.DLL image in the system memory and patches two its exported API functions: LoadLibraryA and CreateFileA. Then when a PE EXE file is being opened, the virus infects it.



Top Viruses Visited Pages:
Baboo - 678 visits
Invader. - 540 visits
Firstling.199 - 265 visits
Macro.Excel.Hidemo - 241 visits
Spartak.110 - 237 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 233 visits
Coito.64 - 227 visits
Worm.P2P.Harex. - 227 visits
Small.58. - 217 visits
DDoS.Win32.Kozo - 199 visits

Random Viruses Pages:
DSME.Apex.268
Macro.Word.Ord
Gawenda.41
Mr_Gu Famil
Oropa
Win95.Smash.1026
Backdoor.Nickse
Nuker.CGS
Line.90
Macro.Word.Talon.


 


2006-2008 spyware32.com - Privacy Policy