YOU’RE NOT VIEWING PANDA SECURITY USA. CLICK TO IMPROVE YOUR EXPERIENCE
VISIT PANDA SECURITY USA
x
48h OFFER
If you're already a customer of
our homeusers protection,
renew now with 50% off
RENEW NOW
x
48-HOUR OFFER
50%
RENEWALS
Home users only
RENEW AT A DISCOUNT
x
SPECIAL OFFER
If you're already a customer of
our homeusers protection,
renew now with 50% off
RENEW NOW
x
HALLOWEEN OFFER
take advantage of our
terrific discounts
BUY NOW AND GET 50% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET 50% OFF
x
SPECIAL OFFER
Buy the best antivirus
at the best price
BUY NOW AND GET 50% OFF
x
UP TO
-60%
BUY NOW
x
UP TO
-60%
BUY NOW
Active Scan. Scan your PC free

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Bymer

Threat LevelModerate threatDamageHighDistributionNot widespread

Effects 

Bymer has been programmed to spread to other computers through networks.

Infection strategy 

Bymer follows the infection routine below:

  • It searches for IP addresses at random.
  • When it finds an IP address that allows access to the  C: drive of a computer, the virus copies itself to the Windows/System directory under the following name: WININIT.EXE.
  • Bymer will not spread to computers where the Windows/System directory does not exist (for example computers running under Windows NT, Windows 2000, etc.).

Bymer creates the following files:

  • DNETC.EXE and DNETC.INI, which are part of the RC5 application (distributed client process), not of the worm. Although Bymer installs these files, they are not part of it, which means that these files are not dangerous.

Bymer modifies the following file:

  • WIN.INI, to which it adds the following value:
    [windows]
    load=C:\ WINDOWS\ SYSTEM\ WININIT.EXE
    When the infected computer is restarted, Bymer deletes the value it inserted in the  WIN.INI file and creates the following entries in the Windows Registry:
  • HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ Run bymer.scanner = "c:\ windows\ system\ wininit.exe"
    By modifying this entry, Bymer ensures it is run every time the computer is started up.
  • HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ RunServices distributed.net.client "C:\ WINDOWS\ SYSTEM\ dnetc.exe" -hide""
    With this entry, Bymer ensures the RC5 application is run without the user realizing.

Means of transmission 

Bymer mainly spreads through computer networks using TCP/IP connections.

ARE YOU FACING ANY PC OR INTERNET RELATED PROBLEMS?
FREE SUPPORT INCLUDED. CALL US 24/7

powered by Anytech365