Selected viruses, spyware, and other threats: sorted alphabetically

Aliases: W32.HLLW.Acebo, W32/AceBot.worm

Win32/Newbiero is a rather numerous family of Trojan horses. After installation it enables remote control of the target computer and execution of commands. It also is able to copy itself to shared disks within the local computer network.

Note: In following text a symbolic inscription %windir%. is used instead of name of the directory in which Windows operating system is installed. Naturally, this can be different with any single installation

After being executed it gets copies into the directory %windir%/System under a random name. By means of creating an item in the key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run directed to this file it ensures its activation after the operating system restart.
While Win32/Newbiero is active it can turn off Sygate Personal Firewall, Tiny Personal Firewall, ZoneAlarm Pro or ZoneAlarm. All these are programs intended to protect the computer against an unapproved access from Internet.
The Trojan horse tries to get copies also to the network disk W: as the file W:\WINDOWS\Start Menu\Programs\StartUp\mssg.exe.
If the Win32/Newbiero is not active it gets connected to IRC and waits for commands. The commands may cause for example restart of the computer, execution of files or writing files on the infected computer and downloading them from it.

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.