W32.Besam


Aliases: W32/Besam
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active and Spreading
Spreading: Slow
Geographical info: N/A
Removal: Hard
Platform: W32
Discovered: 04 Oct 2005
Damage: Low

Characteristics: The worm W32.Besam is capable of propagating its infection by spreading to floppy disks. This malware is likewise known to overwrite the file autoexec.bat.

More details about W32.Besam

When run on the compromised machine, the W32.Besam worm first copies itself as the file C:\Windows\Setv.com. It then adds certain registry subkey values so that it runs whenever Windows starts. The worm also creates a registry entry that lowers the system's security settings. It likewise tries to copy its code to the floppy drive A:\ using the filename Besame[FOUR BLANK SPACES].exe. It then overwrites the Autoexec.bat file found in the C:\Windows folder with another batch file (also called a .bat file) and deletes the whole directory tree of the drives I, H, G and F.

Eradicating a W32.Besam infection requires deactivating the System Restore feature and restarting Windows in Safe Mode. Next, run a complete scan of the machine with an updated antivirus program. Delete the file Setv.com in the folder C:\Windows\System. The next step is to create a backup of the Registry and then delete the value added by the virus. Turn the System Restore feature back on and restart Windows. As an added security measure, users can scan the system once again to make certain that the files dropped by the worm have been removed.
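A post-cleanup check for the file artifacts described above, as an added example that is not part of the original write-up. The function names are hypothetical, and the deletion-command pattern is an assumption, since the page does not list the contents of the replacement batch file.

```python
import re
from pathlib import Path

# File names from the description above; compared in lower case because
# Windows file systems are case-insensitive.
DROPPED_NAMES = {"setv.com", "besame    .exe"}  # "Besame" + 4 spaces + ".exe"

# Assumption: the page does not list the batch file's commands, so flag any
# classic DOS delete/format command that targets drives F: through I:.
WIPE_RE = re.compile(
    r"\b(deltree|rd|rmdir|del|erase|format)\b[^\r\n]*\b[f-i]:", re.IGNORECASE
)


def find_dropped_files(folders):
    """Return files directly inside `folders` whose name matches a dropped file."""
    hits = []
    for folder in map(Path, folders):
        if not folder.is_dir():  # missing folder, or no disk in the floppy drive
            continue
        hits += [p for p in folder.iterdir()
                 if p.is_file() and p.name.lower() in DROPPED_NAMES]
    return hits


def suspicious_batch_lines(batch_path):
    """Return (line_number, text) for lines that wipe drives F: through I:."""
    text = Path(batch_path).read_text(encoding="latin-1")
    return [(n, line.strip()) for n, line in enumerate(text.splitlines(), 1)
            if WIPE_RE.search(line)]


def sweep(windows_dir=r"C:\Windows", floppy="A:\\"):
    """Check both Setv.com locations the page names, the floppy, and Autoexec.bat."""
    win = Path(windows_dir)
    report = {"dropped": find_dropped_files([win, win / "System", floppy]),
              "autoexec": []}
    autoexec = win / "Autoexec.bat"
    if autoexec.is_file():
        report["autoexec"] = suspicious_batch_lines(autoexec)
    return report


if __name__ == "__main__":
    result = sweep()
    for path in result["dropped"]:
        print(f"dropped file present: {path}")
    for number, line in result["autoexec"]:
        print(f"Autoexec.bat line {number}: {line}")
```

The sweep only reports and deletes nothing. Registry values are not checked because the page does not name them.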