Need help? Ask the community or hire an expert.
Go to Avira Answers
Alias:Bit Defender: Win32.Buchon.F@mm Hbdev: Worm/Buchon.E.2 worm
Type:Worm 
Size:14.848 bytes 
Origin: 
Date:03-16-2005 
Damage: 
VDF Version:6.30.00.32 
Danger:Low 
Distribution:Low 

General DescriptionAffected Platforms:
* Windows 95
* Windows 98
* Windows ME
* Windows NT
* Windows 2000
* Windows XP
* Windows Server 2003

Technical DetailsIf the virus Worm/Buchon.E is executed, it adds the following entry in the Windows Registry:

HKEY_CURRENT_USER\Software\Microsoft\W indows\CurrentVersion\Run "Windowsupdate Service"="\%Path%\%Dateiname%.exe"

This entry causes that the worm be executed automatically whenever Windows starts.

The worm creates a Mutex object named "AAAA_BBBBCCCCDDDDEEEE_FFFF".

The worm sends a HTTP requests to random IP addresses on TCP ports which varies between the range 25000 - 25500.

The worm tries to establish a connection with the following SMTP servers:

mx02.peoplepc.com
mx4.earthlink.net
mailhost.hetnet.nl
mailprove.netvigator.com
sbcmail2.prodigy.net
mx8.earthlink.net
pbimail2.prodigy.net
mx2.optonline.net
mx02.mindspring.com
mx-ha01.web.de
mx5.prodigy.net
mx7.earthlink.net
Description inserted by Crony Walker on Tuesday, June 15, 2004

Back . . . .