Bugbear.B - What to look for & how to look for it!

Question

Is there a way to check your system for this (Bugbear.B) virus?

-Chuck

Answer

This question was answered on June 11, 2003. Much of the information contained herein may have changed since posting.

The recently discovered Bugbear.B is one of the most dangerous and sinister worms that has ever been created.

Not only is it dangerous, it's spreading at an alarming rate.

Rarely does a virus or worm get a 'level 4' rating from SARC (Symantec Antivirus Research Center) and it usually takes weeks or months for us to see infected machines from a new outbreak in our repair facilities.

With Bugbear.B, however, we saw many systems brought to us the day after it was discovered, which is extremely rare. New viruses and worms are discovered on a daily basis, most of which are benign or not very widespread.

Bugbear.B does not jump up on the screen when you contract it to tell you that it got you; it does its dirty deeds silently.

Many users confuse a warning from their antivirus program when it catches a virus with being infected. If you get verbiage on your screen referring to the Bugbear.B while you are checking your e-mail, then you are most likely being protected.

The most common complaint that our technicians have seen from users infected by Bugbear.B is that they can no longer use their e-mail program. Bugbear.B begins its attack by disabling antivirus and firewall programs, so if the antivirus program is configured to scan all e-mail, it no longer works after the attack.

If you try to manually run your antivirus program to check for infection and it won't work or gives you an error message, it is possible that you have been infected by this or one of a variety of worms that use the same attack.

If your printer suddenly won't print or is spewing out reams of junk pages, this is another possible symptom of Bugbear.B.

The best way to check your system is to make sure your antivirus program is up-to-date by using the built-in update feature found in most packages, then performing a full scan (select 'All Files') of all hard drives.

The other step that is an absolute must is to make sure that you have all of the security updates for the version of Windows that you are running.

Bugbear.B takes advantage of a vulnerability that was discovered over two years ago that many users have never patched. The easiest way to check for these updates is to go to www.windowsupdate.com.

An interim step that you can take to protect yourself is to disable the 'Preview Pane' in Outlook and Outlook Express e-mail programs. This feature is what allows users to take a look at a message prior to opening it. Bugbear.B is actually capable of infecting a user that simply clicks on a message, if the Preview Pane is active.

In most cases, simply reading a message is safe, but if your Windows-based system is not properly updated, this worm can actually tell your e-mail program to automatically open the attachment (which contains the worm) via the Preview Pane!

To disable the preview pane in Outlook Express, click on View, then Layout and remove the checkmark in front of 'Show preview pane'.

To disable the preview pane in Outlook, simply click on View, then 'Preview pane'.

Once your antivirus program and Windows are updated, you can safely turn the Preview Pane back on.

Author

Posted by Ken of Data Doctors on June 11, 2003