Selected viruses, spyware, and other threats: sorted alphabetically
Short description
Win32/Botgor.B is a prepending virus . The virus is designed to artificially generate traffic to certain Internet sites. Installation
When executed, the virus copies itself into the following location: - %windir%\system\bot1.exe
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\
CurrentVersion\Winlogon]
"Userinit" = "%system%\userinit.exe,%windir%\system\bot1.exe"
- [HKEY_LOCAL_MACHINE\SOFTWARE\BN1]
"G" = "%variable1%"
"AN" = "%variable2%"
"UA" = "%variable3%"
"UA_" = "%variable4%"
Executable files infection
Win32/Botgor.B is a prepending virus . The virus searches for executables with one of the following extensions:
- .exe
- %program files%
- %windir%\system32\cleanmgr.exe
- %windir%\system32\dxdiag.exe
- %windir%\system32\msconfig.exe
- %windir%\system32\regedit.exe
- %windir%\system32\sol.exe
Other information
The virus is sent data and commands from a remote computer or the Internet. The virus is designed to artificially generate traffic to certain Internet sites.
The virus sends HTTP requests to simulate clicks on banner advertisements, to inflate web counter statistics etc.
The virus may display the following messages:
The virus tries to download a file from the Internet. The file is stored into the following folder:
- %windir%
- bot1_update.exe
- %windir%\bot1_update.exe, %windir%\system\bot1.exe
The following information is collected:
- malware version
- default Internet browser
