W32.Bactera


Aliases: W32/Bactera.worm!p2p, W32/Bactera.worm!a, W32/Bactera.worm!p2p!ac12ee4bb496, W32/VB-ACS
Variants: W32/Bactera

Classification: Malware
Category: Computer Worm

Status: Active and Spreading
Spreading: Moderate
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 11 May 2006
Damage: Low

Characteristics: The W32.Bactera worm tries to spread itself via file sharing networks. It allegedly targets the P2P file sharing network eMule.

More details about W32.Bactera

The W32.Bactera program is a P2P worm that disguises itself as a key generator or crack tool. When a user runs it on a system, the worm displays an official-looking but fake error message saying that the “MFClibrary.dll” file cannot be found. The worm reportedly does this to lead the user to believe that the malicious file really is a key generator or crack tool. When the file is renamed to “AntiVirScan.exe” (the name is case sensitive), the worm runs silently in the background without displaying any window. It then creates the files AntiVirScan.exe, list, bac2.exe and bac.exe, all stored in the C:\ directory. The W32.Bactera worm then scans the computer for the presence of the eMule file sharing program.

When eMule is detected, the worm creates the C:\Windows\temp\Bactera folder and makes multiple copies of itself in that folder, using names from a predetermined selection. Filenames used by the worm include bacteria.exe, 1st Go Warkanoid Crack & KeyGen all Versions.exe, Road To India Crack & KeyGen all Versions.exe, Sven Bomwollen Zwo Crack & KeyGen all Versions.exe, Enigram Crack & KeyGen all Versions.exe and Knight and Merchants Gold Edition Crack & KeyGen all Versions.exe. The worm also creates a registry subkey in which it stores information about its installation.
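
The file artefacts described above can be checked against a host's file listing. The following Python sweep is an added example, not part of the original write-up or any vendor tool; the function names, the `min_root` threshold and the sample listings are assumptions made for illustration.

```python
import ntpath

# Artefact names as listed in the description above; matching is
# case-insensitive because Windows file systems are.
ROOT_DROPS = {"antivirscan.exe", "list", "bac2.exe", "bac.exe"}
STAGING_DIR = r"c:\windows\temp\bactera"
STAGED_NAMES = {"bacteria.exe"} | {
    f"{title} crack & keygen all versions.exe"
    for title in ("1st go warkanoid", "road to india", "sven bomwollen zwo",
                  "enigram", "knight and merchants gold edition")
}

def classify(path):
    """Return 'root', 'staged', 'staged-unknown' or None for one path."""
    parent, name = ntpath.split(ntpath.normpath(path.strip()).lower())
    if parent == "c:\\" and name in ROOT_DROPS:
        return "root"
    if parent == STAGING_DIR:
        return "staged" if name in STAGED_NAMES else "staged-unknown"
    return None

def sweep(paths, min_root=2):
    """Summarise hits over a file listing.

    A lone C:\\list or C:\\bac.exe is weak evidence, so root drops only
    count once min_root distinct names co-occur (threshold is an assumption
    of this example). Any file in the staging folder counts on its own.
    """
    hits = {"root": set(), "staged": set(), "staged-unknown": set()}
    for p in paths:
        kind = classify(p)
        if kind:
            hits[kind].add(ntpath.basename(ntpath.normpath(p.strip())).lower())
    in_staging = hits["staged"] | hits["staged-unknown"]
    hits["suspicious"] = bool(in_staging) or len(hits["root"]) >= min_root
    return hits

# Constructed sample listings (not real telemetry).
INFECTED = [r"C:\AntiVirScan.exe", r"C:\list", r"c:\BAC2.EXE", r"C:\bac.exe",
            "C:/Windows/Temp/Bactera/Road To India Crack & KeyGen all Versions.exe",
            r"C:\WINDOWS\temp\Bactera\bacteria.exe"]
CLEAN = [r"C:\list", r"C:\Users\a\Downloads\bac.exe", r"C:\Windows\temp\setup.log"]

if __name__ == "__main__":
    for label, listing in (("infected", INFECTED), ("clean", CLEAN)):
        print(label, sweep(listing))
```

The registry subkey is not named in this description, so the sweep covers file artefacts only.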