About: Bacros


Virus.Win32.Bacros.a, or Bacros, is a virus on Microsoft Windows that infects local filesystem files by renaming all .TXT files to .EXE files. It can also copy itself to floppies and CD-ROMs. The virus also drops and executes a Word macro virus, W97M/Bacros.A.

Attributes | Values
rdf:type
rdfs:label
  • Bacros
rdfs:comment
  • Virus.Win32.Bacros.a, or Bacros, is a virus on Microsoft Windows that infects local filesystem files by renaming all .TXT files to .EXE files. It can also copy itself to floppies and CD-ROMs. The virus also drops and executes a Word macro virus, W97M/Bacros.A.
  • The Bacros virus seems to have come from Finland and has several payloads. It runs on Windows NT-based systems and on Microsoft Word. It makes four copies of itself in the Windows system folder:
      * mssys.exe
      * sys.exe
      * msdosdrv.exe
      * WordInfo.doc
    It modifies the registry so it is run on startup. It also drops an infected Word document to the root directory of the C: drive:
      * WordInfo.doc
    On any other day, the virus will spread to CD-ROMs by adding an autorun.inf script and by dropping a copy of itself on the CD-ROM, if it has access to it.
dcterms:subject
dbkwik:malware/pro...iPageUsesTemplate
Date
  • Unknown
Origin
  • Finland
Platform
  • Microsoft Windows
Name
  • Bacros
Type
  • Virus
filetype
  • .EXE
AKA
  • Virus.Win32.Bacros.a
Creator
  • Unknown
abstract
  • The Bacros virus seems to have come from Finland and has several payloads. It runs on Windows NT-based systems and on Microsoft Word. It makes four copies of itself in the Windows system folder:
      * mssys.exe
      * sys.exe
      * msdosdrv.exe
      * WordInfo.doc
    It modifies the registry so it is run on startup. It also drops an infected Word document to the root directory of the C: drive:
      * WordInfo.doc
    When an infected computer is booted on the 10th, 20th, or 30th of any month, the virus will launch the WordInfo.doc file it dropped in the system folder.
    On the 6th of any month, Bacros types "I, Madman" into the active Word document and changes the application user name to "ANCIENT."
    On any other day, the virus will spread to CD-ROMs by adding an autorun.inf script and by dropping a copy of itself on the CD-ROM, if it has access to it.
    When an infected computer is booted on the 1st of any month, Bacros displays a fake error message and replaces all .GIF images it can find with a small one with the text "KUOLE JEHOVA." In Finnish, this means "Die Jehovah."
    When an infected computer is booted on the 2nd of any month, Bacros will display the same error message and run another spreading routine. It replaces all .TXT files on the computer with itself and creates a backup. The backup can only be viewed if the "Show Hidden Files and Folders" setting is checked. When that copy of Bacros is opened, it will open the backup. When it is exchanged with a friend, the user can accidentally send the virus instead of the text document. If they open it without an antivirus program, their computer will get infected and the text file will not be displayed. Instead, Bacros will open Notepad with a file called "ReadMy.txt." ReadMy.txt contains the name of the file repeated several times.
    When an infected computer is booted on December 6th (Finland's Independence Day), the virus will change the desktop background to a small picture of the flag of Finland.
    When an infected computer is booted on the first day of Christmas (December 25th), Bacros will delete all files it can find.
  • Virus.Win32.Bacros.a, or Bacros, is a virus on Microsoft Windows that infects local filesystem files by renaming all .TXT files to .EXE files. It can also copy itself to floppies and CD-ROMs. The virus also drops and executes a Word macro virus, W97M/Bacros.A.