BuluBebek

Last updated March 17, 2019

The BuluBebek virus is a computer worm that was first discovered on October 10, 2008. The virus is not exceptionally widespread, but rather has only infected small groups of computers. Related to the Kenshin, Doraemon, and Naturo viruses, the virus has infected computers in various parts of the world. It is written in a high level programming language, known as Visual Basic. The virus is only 53 KB in size and creates two files on the computers it infects, an EXE file and an INF file.

A computer worm is a standalone malware computer program that replicates itself in order to spread to other computers. Often, it uses a computer network to spread itself, relying on security failures on the target computer to access it. Worms almost always cause at least some harm to the network, even if only by consuming bandwidth, whereas viruses almost always corrupt or modify files on a targeted computer.

Visual Basic is a third-generation event-driven programming language from Microsoft for its Component Object Model (COM) programming model first released in 1991 and declared legacy during 2008. Microsoft intended Visual Basic to be relatively easy to learn and use. Visual Basic was derived from BASIC and enables the rapid application development (RAD) of graphical user interface (GUI) applications, access to databases using Data Access Objects, Remote Data Objects, or ActiveX Data Objects, and creation of ActiveX controls and objects.

In computing, an INF file or Setup Information file is a plain-text file used by Microsoft Windows for the installation of software and drivers. INF files are most commonly used for installing device drivers for hardware components. Windows includes the IExpress tool for the creation of INF-based installations. INF files form part of the Windows Setup API and of its successor, Windows Installer.

History

In order to prevent the computer user from recognizing the threat and removing it from the system, scripts are written to prevent the Task Manager from opening and to disable Registry Tools. Microsoft Visual Studio Debugging Tools are also targeted by these script, making it impossible for certain drivers to access this information. Unlike some more aggressive viruses, this worm is relatively benign for the computers it manages to infect.
Experts guess that the writers of this particular virus likely did so simply for the fun of it, as it serves next to no purpose for the author of the worm. The only effects of infection that will be evident to the computer user are that files and folders may be hidden from view. This can occur both on the computer system itself and any flash media used with the machine.

Microsoft Visual Studio is an integrated development environment (IDE) from Microsoft. It is used to develop computer programs, as well as websites, web apps, web services and mobile apps. Visual Studio uses Microsoft software development platforms such as Windows API, Windows Forms, Windows Presentation Foundation, Windows Store and Microsoft Silverlight. It can produce both native code and managed code.

Computer infections

The BuluBebek virus is not spread on the Internet like many other viruses, by primarily is transmitted to other systems through flash media drives. For this reason, the virus has thankfully remained relatively uncommon. Systems that are infected will pass the worm on if they access or create files on a flash drive that is in turn used in another system.^[1] For this reason, it remains important for infected computer users to remove the offending files as quickly as possible.

The Internet is the global system of interconnected computer networks that use the Internet protocol suite (TCP/IP) to link devices worldwide. It is a network of networks that consists of private, public, academic, business, and government networks of local to global scope, linked by a broad array of electronic, wireless, and optical networking technologies. The Internet carries a vast range of information resources and services, such as the inter-linked hypertext documents and applications of the World Wide Web (WWW), electronic mail, telephony, and file sharing.

Detection and removal

Fortunately, most major antivirus packages will recognize the BuluBebek virus if a full system scan is run.^[2] When this occurs, the Antivirus software will quarantine suspicious files and notify the computer user of the issue at hand. If the user wishes to do so, the BuluBebek virus can also be removed from the infected system manually.^[3]
In order to manually remove the virus, the computer user will need to disconnect from the Internet and temporarily disable System Restore. At this point, an alternative software program to Task Manager should be used to access the Running Process Memory. Here, the process can be killed permanently and specialized script can be entered to restore the registry to its original condition before the infection occurred on the machine.

Antivirus software computer software to defend against malicious computer viruses

Antivirus software, or anti-virus software, also known as anti-malware, is a computer program used to prevent, detect, and remove malware.

System Restore is a feature in Microsoft Windows that allows the user to revert their computer's state to that of a previous point in time, which can be used to recover from system malfunctions or other problems. First included in Windows ME, it has been included in all following desktop versions of Windows released since, excluding the Windows Server. In Windows 10, System Restore is turned off by default and must be enabled by users in order to function. This does not affect personal files such as documents, music, pictures, and videos.

Related Research Articles

Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network. Malware does the damage after it is implanted or introduced in some way into a target's computer and can take the form of executable code, scripts, active content, and other software. The code is described as computer viruses, worms, Trojan horses, ransomware, spyware, adware, and scareware, among other terms. Malware has a malicious intent, acting against the interest of the computer user—and so does not include software that causes unintentional harm due to some deficiency, which is typically described as a software bug.

This timeline of computer viruses and worms presents a chronological timeline of noteworthy computer viruses, computer worms, Trojan horses, similar malware, related research and events.

Scareware is a form of malware which uses social engineering to cause shock, anxiety, or the perception of a threat in order to manipulate users into buying unwanted software. Scareware is part of a class of malicious software that includes rogue security software, ransomware and other scam software that tricks users into believing their computer is infected with a virus, then suggests that they download and pay for fake antivirus software to remove it. Usually the virus is fictional and the software is non-functional or malware itself. According to the Anti-Phishing Working Group, the number of scareware packages in circulation rose from 2,850 to 9,287 in the second half of 2008. In the first half of 2009, the APWG identified a 585% increase in scareware programs.

AutoRun and the companion feature AutoPlay are components of the Microsoft Windows operating system that dictate what actions the system takes when a drive is mounted.

Mobile malware is malicious software that targets mobile phones or wireless-enabled Personal digital assistants (PDA), by causing the collapse of the system and loss or leakage of confidential information. As wireless phones and PDA networks have become more and more common and have grown in complexity, it has become increasingly difficult to ensure their safety and security against electronic attacks in the form of viruses or other malware.

WinFixer is a family of scareware rogue security programs developed by Winsoftware which claim to repair computer system problems on Microsoft Windows computers if a user purchases the full version of the software. The software is mainly installed without the user's consent. McAfee claims that "the primary function of the free version appears to be to alarm the user into paying for registration, at least partially based on false or erroneous detections." The program prompts the user to purchase a paid copy of the program.

A multipartite virus is a computer virus that infects and spreads in multiple ways. The term was coined to describe the first viruses that included DOS executable files and PC BIOS boot sector virus code, where both parts are viral themselves. Prior to the discovery of the first of these, viruses were categorized as either file infectors or boot infectors. Because of the multiple vectors for the spread of infection, these viruses could spread faster than a boot or file infector alone.

Blackworm is an Internet worm discovered on January 20, 2006 that infects several versions of Microsoft Windows. It is also known as Grew.a, Grew.b, Blackmal.e, Nyxem.e, Nyxem.d, Mywife.d, Tearec.a, CME-24, and Kama Sutra.

The Vundo Trojan is either a Trojan horse or a computer worm that is known to cause popups and advertising for rogue antispyware programs, and sporadically other misbehavior including performance degradation and denial of service with some websites including Google and Facebook. It also is used to deliver other malware to its host computers. Later versions include rootkits and ransomware.

Defensive computing is a form of practice for computer users to help reduce the risk of computing problems, by avoiding dangerous computing practices. The primary goal of this method of computing is to be able to anticipate and prepare for potentially problematic situations prior to their occurrence, despite any adverse conditions of a computer system or any mistakes made by other users. This can be achieved through adherence to a variety of general guidelines, as well as the practice of specific computing techniques.

Kaspersky Anti-Virus is an antivirus program developed by Kaspersky Lab. It is designed to protect users from malware and is primarily designed for computers running Microsoft Windows and macOS, although a version for Linux is available for business consumers.

Nurech.B is a computer worm that infects computers through MSN Messenger. It inserts a link in the chat window while you are chatting with someone, thus making it look as if your friend sent it and thus exploiting that trust. Once you click on that link, it downloads an .exe file with a name such a "Valentine Card" or "Happy Valentine's Day". Once infected, it spreads through your MSN to your friends and is invisible.

A computer virus is a type of malicious software that, when executed, replicates itself by modifying other computer programs and inserting its own code. When this replication succeeds, the affected areas are then said to be "infected" with a computer virus.

Conficker, also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system that was first detected in November 2008. It uses flaws in Windows OS software and dictionary attacks on administrator passwords to propagate while forming a botnet, and has been unusually difficult to counter because of its combined use of many advanced malware techniques. The Conficker worm infected millions of computers including government, business and home computers in over 190 countries, making it the largest known computer worm infection since the 2003 Welchia.

Daprosy worm was a malicious computer program that spreads via local area network (LAN) connections, spammed e-mails and USB mass storage devices. Infection comes from a single read1st.exe file where several dozen clones are created at once bearing the names of compromised folders. The most obvious symptom of Daprosy infection is the presence of Classified.exe or Do not open - secrets!.exe files from infected folders.

MS Antivirus is a scareware rogue anti-virus which purports to remove virus infections found on a computer running Microsoft Windows. It attempts to scam the user into purchasing a "full version" of the software.

AV Security Suite is a piece of scareware and malware, or more specifically a piece of rogue security software, which poses as a pre-installed virus scanner on a victim's computer system. It is currently known to affect only Microsoft Windows systems, though may simply operate under a different name on other platforms to better fit in with their user-interfaces, as its disguise is a key component of its success. In the task manager it appears as a string a random characters that end with "tssd.exe" – an example is yvyvsggtssd.exe. It also can show a random string of characters that end with "shdw.exe".

Sality is the classification for a family of malicious software (malware), which infects files on Microsoft Windows systems. Sality was first discovered in 2003 and has advanced over the years to become a dynamic, enduring and full-featured form of malicious code. Systems infected with Sality may communicate over a peer-to-peer (P2P) network for the purpose of relaying spam, proxying of communications, exfiltrating sensitive data, compromising web servers and/or coordinating distributed computing tasks for the purpose of processing intensive tasks. Since 2010, certain variants of Sality have also incorporated the use of rootkit functions as part of an ongoing evolution of the malware family. Because of its continued development and capabilities, Sality is considered to be one of the most complex and formidable forms of malware to date.

OSX.FlashBack, also known as the Flashback Trojan, Fakeflash, or Trojan BackDoor.Flashback, is a Trojan horse affecting personal computer systems running Mac OS X. The first variant of Flashback was discovered by antivirus company Intego in September 2011.

References

↑ "Remove W32/VBWorm.QXE (bulubebek)". Istanto.net. Retrieved 2012-06-29.
↑ "Basic Tips on Detection and Removal of the BuluBebek Virus - Antivirus Education". Antivirus-edu.org. 2012-05-30. Archived from the original on 2012-07-03. Retrieved 2012-06-29.
↑ "HeaT SeekeR: Bulubebek". Kuyau.blogspot.com. 2009-04-10. Retrieved 2012-06-29.

External links

Virus Bulu Bebek Removal Guide

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] "Remove W32/VBWorm.QXE (bulubebek)". Istanto.net. Retrieved 2012-06-29.

[2] "Basic Tips on Detection and Removal of the BuluBebek Virus - Antivirus Education". Antivirus-edu.org. 2012-05-30. Archived from the original on 2012-07-03. Retrieved 2012-06-29.

[3] "HeaT SeekeR: Bulubebek". Kuyau.blogspot.com. 2009-04-10. Retrieved 2012-06-29.