$ 11.99|https://store.pandasecurity.com/300/purl-vpn?currencies=USS&x-track=55499&cart=iA001PVPNS05&language=en&quantity=1&enablecoupon=false&coupon=1STMOFFPD&x-coupon=1STMOFFPD&x-market=usa&x-track=190478|$ 0.00|$;PREFIX;.;,;11;99;0;00

Get 50% discount! Discover the plan that suits you best!

See offer

Get 50% discount! Discover the plan that suits you best!

See offer

Renew and get 50% off*

Only available for 48 hours!

::

*For home users only

Renew at a discount
::

Renew and get 50% off*

Renew
*Home users only

*For home users only Renew and get 50% off*

::
Renew

Special offer: Renew and get 50% off**

Only available for 48 hours!

::

*For home users only

Renew at a discount

*For home users only Special offer: Renew and get 50% off*

::04
Renew

Hello!

You’re about to visit our web page in English
Would you like to continue?

Yes, I want to visit the web page in English No, I want to visit the web page in

If this is not what you’re looking for,

Visit our Welcome Page!

Call us 24/7 and get a free diagnosis 951 203 528

Active Scan. Scan your PC free

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Bymer

 
Threat LevelModerate threatDamageHighDistributionNot widespread

Effects 

Bymer has been programmed to spread to other computers through networks.

Infection strategy 

Bymer follows the infection routine below:

  • It searches for IP addresses at random.
  • When it finds an IP address that allows access to the  C: drive of a computer, the virus copies itself to the Windows/System directory under the following name: WININIT.EXE.
  • Bymer will not spread to computers where the Windows/System directory does not exist (for example computers running under Windows NT, Windows 2000, etc.).

Bymer creates the following files:

  • DNETC.EXE and DNETC.INI, which are part of the RC5 application (distributed client process), not of the worm. Although Bymer installs these files, they are not part of it, which means that these files are not dangerous.

Bymer modifies the following file:

  • WIN.INI, to which it adds the following value:
    [windows]
    load=C:\ WINDOWS\ SYSTEM\ WININIT.EXE
    When the infected computer is restarted, Bymer deletes the value it inserted in the  WIN.INI file and creates the following entries in the Windows Registry:
  • HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ Run bymer.scanner = "c:\ windows\ system\ wininit.exe"
    By modifying this entry, Bymer ensures it is run every time the computer is started up.
  • HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ RunServices distributed.net.client "C:\ WINDOWS\ SYSTEM\ dnetc.exe" -hide""
    With this entry, Bymer ensures the RC5 application is run without the user realizing.

Means of transmission 

Bymer mainly spreads through computer networks using TCP/IP connections.

ARE YOU FACING ANY PC OR INTERNET RELATED PROBLEMS?
FREE SUPPORT INCLUDED. CALL US 24/7

powered by Anytech365