Trojan.Begseabug
Trojan.Begseabug is a Trojan that attempts to connect to a remote server and download additional malicious files. It modifies the Windows registry so that it runs when Windows starts and so that it can bypass firewall applications.
Technical Information:
Damage Level: Medium
Systems Affected: Windows 9x, 2000, XP, Vista, Windows 7
Manual Removal of Trojan.Begseabug:
1. Temporarily disable System Restore (Windows Me/XP/Vista/7).
2. Update the virus definitions.
3. Restart Windows in Safe Mode.
4. Run a full system scan and clean/delete all infected file(s).
5. Delete/modify any values added to the registry.
6. Exit registry editor and restart Windows.
Scan with Norton Power Eraser:
Norton Power Eraser is a free removal tool from Norton Antivirus, developed to remove unfamiliar threats without relying on traditional AV signatures. Download the tool from this location and start scanning the computer for viruses.
Technical Details and Additional Information:
Malicious Files Added by Trojan.Begseabug:
%System%\[RANDOM CHARACTERS].exe
%System%\system.exe
%Temp%\1.tmp
%Temp%\IXP000.TMP\Setup4.exe
%Temp%\IXP000.TMP\Setup8.exe
%Temp%\IXP001.TMP\Setup4.exe
%Temp%\IXP001.TMP\Setup8.exe
%Temp%\IXP001.TMP\QVODSE~1.EXE
Associated Windows Registry Entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\"wextract_cleanup0" = "rundll32.exe %System%\advpack.dll,DelNodeRunDLL32 \"%Temp%\IXP000.TMP\\""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\"wextract_cleanup1" = "rundll32.exe %System%\advpack.dll,DelNodeRunDLL32 \"%Temp%\IXP001.TMP\\""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"system" = "%System%\system.exe"
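An added example (not part of the original write-up or of any vendor tool): a read-only PowerShell check for the file paths and registry values listed above, useful before and after the manual removal steps. It assumes %System% is the Windows system folder and %Temp% is the current user's temp folder; the function name Find-BegseabugArtifacts is hypothetical.

```powershell
# Added example: read-only triage for the artifacts listed on this page.
# Assumption: %System% = Windows system folder, %Temp% = current user's temp folder.
function Find-BegseabugArtifacts {
    param(
        [string]$SystemDir = [Environment]::SystemDirectory,
        [string]$TempDir   = $env:TEMP
    )
    $findings = @()

    # Fixed-name files from the page. "[RANDOM CHARACTERS].exe" has no stable
    # name, and QVODSE~1.EXE is an 8.3 short name that only resolves when
    # short-name generation is enabled on the volume.
    $files = @(
        (Join-Path $SystemDir 'system.exe'),
        (Join-Path $TempDir   '1.tmp'),
        (Join-Path $TempDir   'IXP000.TMP\Setup4.exe'),
        (Join-Path $TempDir   'IXP000.TMP\Setup8.exe'),
        (Join-Path $TempDir   'IXP001.TMP\Setup4.exe'),
        (Join-Path $TempDir   'IXP001.TMP\Setup8.exe'),
        (Join-Path $TempDir   'IXP001.TMP\QVODSE~1.EXE')
    )
    foreach ($f in $files) {
        if (Test-Path -LiteralPath $f -PathType Leaf) {
            $findings += [pscustomobject]@{ Type = 'File'; Location = $f; Data = '' }
        }
    }

    # Registry values from the page. The wextract_cleanup values are also written
    # by ordinary IExpress self-extracting packages, so on their own they are weak
    # evidence; the "system" Run value pointing at system.exe is the stronger one.
    $cv = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion'
    $values = @(
        @{ Key = "$cv\Run";     Name = 'system';            Match = 'system\.exe' },
        @{ Key = "$cv\RunOnce"; Name = 'wextract_cleanup0'; Match = 'IXP000\.TMP' },
        @{ Key = "$cv\RunOnce"; Name = 'wextract_cleanup1'; Match = 'IXP001\.TMP' }
    )
    foreach ($v in $values) {
        $prop = Get-ItemProperty -LiteralPath $v.Key -Name $v.Name -ErrorAction SilentlyContinue
        if ($prop -and ($prop.($v.Name) -match $v.Match)) {
            $findings += [pscustomobject]@{
                Type = 'Registry'; Location = "$($v.Key)\$($v.Name)"; Data = $prop.($v.Name)
            }
        }
    }
    return $findings
}

Find-BegseabugArtifacts | Format-Table -AutoSize -Wrap
```

Run it from an elevated prompt under the affected user's account so that both HKEY_LOCAL_MACHINE and that user's temp folder are readable; an empty result means none of the fixed-name artifacts are present, not that the randomly named executable is absent.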