Main Menu
Home
Bookmark
Contact Us



 
Win32.Bee Viruses Information

Name: Win32.Bee
Category: Viruses
Description: Details
Win32.Beef

It is a harmless memory resident parasitic Win32 virus. It stays in Windows memory and infects PE EXE files (Win32 executable files) that are being opened. While infecting the virus writes itself to the end of the file.
When the virus is run for the first time, it infects the EXPLORER.EXE file in Windows directory. Because EXPLORER.EXE file is active and locked by Windows for writing, the virus uses a standard trick to avoid that. It copies EXPLORER.EXE to BEEFREE.SYS file and infects it. Then the virus creates the WININIT.INI file with "rename" command in there that will replace original EXPLORER.EXE with its infected copy one next Windows restart.
When Windows is run with infected EXPLORER.EXE, the virus gets access to KERNEL32.DLL image in the system memory and patches two its exported API functions: LoadLibraryA and CreateFileA. Then when a PE EXE file is being opened, the virus infects it.



Top Viruses Visited Pages:
Baboo - 674 visits
Invader. - 537 visits
Firstling.199 - 262 visits
Macro.Excel.Hidemo - 241 visits
Spartak.110 - 234 visits
not-a-virus:RemoteAdmin.Win32.RAdmin.2 - 232 visits
Worm.P2P.Harex. - 224 visits
Coito.64 - 223 visits
Small.58. - 213 visits
DDoS.Win32.Kozo - 195 visits

Random Viruses Pages:
TT.75
Macro.Word.Stealp
Win32.Parv
Gergana.18
Zerobug.153
Kukac.44
Gambler.28
Edolan.83
Alien_II.25
Mity.198


 


2006-2008 spyware32.com - Privacy Policy