Short description
Win32/Botgor.B is a prepending virus. The virus is designed to artificially generate traffic to certain Internet sites.
Installation
When executed, the virus copies itself into the following location:
In order to be executed on every system start, the virus sets the following Registry entry:
The following Registry entries are created:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
"Userinit" = "%system%\userinit.exe,%windir%\system\bot1.exe"
A string with variable content is used instead of %variable1-4%.
"G" = "%variable1%"
"AN" = "%variable2%"
"UA" = "%variable3%"
"UA_" = "%variable4%"
Executable files infection
Win32/Botgor.B is a prepending virus.
The virus searches for executables with one of the following extensions:
It infects files stored in the following folders:
It infects the following files:
- %program files%
The original host executable can be reconstructed when an infected file is run.
Other information
The virus receives data and commands from a remote computer or the Internet.
The virus is designed to artificially generate traffic to certain Internet sites.
The virus sends HTTP requests to simulate clicks on banner advertisements, to inflate web counter statistics, etc.
The virus may display the following messages:
The virus tries to download a file from the Internet. The file is stored into the following folder:
using the following name:
The virus may create copies of the following files (source, destination):
- %windir%\bot1_update.exe, %windir%\system\bot1.exe
The virus contains a list of (3) URLs.
The following information is collected:
- malware version
- default Internet browser
The virus can send the information to a remote machine. The HTTP protocol is used.
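The Installation section shows the virus appending its own copy to the "Userinit" value after the legitimate userinit.exe. The following check for that pattern is an added example, not part of the original description: it takes a Userinit value already read from a host and lists every program in it other than the stock userinit.exe. The function names and the directory mapping for %system% and %windir% are assumptions, and the sample values are constructed.

```python
import ntpath

# Assumed directory mapping for the page's placeholders; adjust per host.
DEFAULT_DIRS = {"%system%": r"C:\Windows\System32", "%windir%": r"C:\Windows"}


def _normalize(entry, dirs=DEFAULT_DIRS):
    """Expand %system%/%windir% and canonicalize a Windows path for comparison."""
    path = entry.strip().strip('"')
    for placeholder, real in dirs.items():
        if path.lower().startswith(placeholder):
            path = real + path[len(placeholder):]
            break
    # normpath collapses "..", normcase lowercases and unifies separators.
    return ntpath.normcase(ntpath.normpath(path))


def extra_userinit_entries(value, dirs=DEFAULT_DIRS):
    """Return every program listed in a Userinit value besides the stock userinit.exe."""
    expected = _normalize(r"%system%\userinit.exe", dirs)
    entries = [e.strip() for e in value.split(",") if e.strip()]
    return [e for e in entries if _normalize(e, dirs) != expected]


def launches_stock_userinit(value, dirs=DEFAULT_DIRS):
    """True if the value still starts the legitimate userinit.exe."""
    expected = _normalize(r"%system%\userinit.exe", dirs)
    return any(_normalize(e, dirs) == expected for e in value.split(",") if e.strip())


# Constructed sample values (not captured from a real host).
SAMPLES = {
    "clean default": r"C:\Windows\system32\userinit.exe,",
    "value from the description": r"%system%\userinit.exe,%windir%\system\bot1.exe",
    "look-alike path": r"C:\Windows\system\userinit.exe",
}

if __name__ == "__main__":
    for label, value in SAMPLES.items():
        extras = extra_userinit_entries(value)
        print(f"{label}: extras={extras} stock={launches_stock_userinit(value)}")
```

Any non-empty result from extra_userinit_entries means something besides userinit.exe runs at logon and should be reviewed; the look-alike case shows why the comparison is on the full path rather than the file name.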