Win32.Viking.bb

Posted: October 5, 2010

Win32.Viking.bb is a dangerous computer virus capable of modifying other files by infecting and overwriting them. Win32.Viking.bb can compromise your system and personal information by allowing a hacker access to your computer. Win32.Viking.bb may display false positives and block legitimate anti-virus programs. Win32.Viking.bb may go undetected but must be removed the instant it is detected using a reliable spyware detection tool.

Aliases

W32.Looked.P (Symantec)
Worm.Win32.Viking.bb (Kaspersky Lab)
W32/HLLP.Philis.bd (McAfee)
PE_LOOKED.QQ-O (Trend Micro)
Mal/EncPk-BW, W32/Looked-Gen (Sophos)
Virus:Win32/Viking.T (Microsoft)

File System Modifications

  • The following files were created in the system:
    # File Name
    1 %ProgramFiles%\Internet Explorer\Connection Wizard\icwconn1.exe
    2 %ProgramFiles%\Internet Explorer\Connection Wizard\icwconn2.exe
    3 %ProgramFiles%\Internet Explorer\Connection Wizard\icwrmind.exe
    4 %ProgramFiles%\Internet Explorer\Connection Wizard\icwtutor.exe
    5 %ProgramFiles%\Internet Explorer\Connection Wizard\inetwiz.exe
    6 %ProgramFiles%\Internet Explorer\Connection Wizard\isignup.exe
    7 %ProgramFiles%\Internet Explorer\iedw.exe
    8 %ProgramFiles%\MSN\MSNCoreFiles\Install\MSN9Components\Digcore.exe
    9 %ProgramFiles%\MSN\MSNCoreFiles\Install\MSN9Components\Msncli.exe
    10 %ProgramFiles%\MSN\MSNCoreFiles\Install\msnsusii.exe
    11 %ProgramFiles%\MSN\MSNIA\msniasvc.exe
    12 %ProgramFiles%\MSN\MSNIA\prestp.exe
    13 %ProgramFiles%\MSN\MsnInstaller\msninst.exe
    14 %ProgramFiles%\Outlook Express\msimn.exe
    15 %ProgramFiles%\Outlook Express\oemig50.exe
    16 %ProgramFiles%\Outlook Express\setup50.exe
    17 %ProgramFiles%\Outlook Express\wab.exe
    18 %ProgramFiles%\Outlook Express\wabmig.exe
    19 %ProgramFiles%\Web Publish\WPWIZ.EXE
    20 %ProgramFiles%\Windows Media Player\migrate.exe
    21 %ProgramFiles%\Windows Media Player\mplayer2.exe
    22 %ProgramFiles%\Windows Media Player\setup_wm.exe
    23 %ProgramFiles%\Windows Media Player\wmplayer.exe
    24 %ProgramFiles%\WinPcap\rpcapd.exe
    25 %ProgramFiles%\WinPcap\Uninstall.exe

Registry Modifications

  • The following Registry values were newly created:
    HKEY..\..\..\..{Subkeys}[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]