Welcome to the Virus Encyclopedia of Panda Security.
It attacks certain security tools, such as antivirus programs and firewalls, belonging to several companies. It downloads a file to the computer.
|First detected on:||March 1, 2005|
|Detection updated on:||March 7, 2005|
|Yes, using TruPrevent Technologies
Mitglieder.BO is a Trojan that heavily attacks several security tools, such as antivirus programs and firewalls belonging to different companies, if they are installed on the affected computer:
It deletes key files belonging to them from the affected computer.
It deletes the entries in the Windows Registry that allow them to be activated whenever Windows is started.
It stops services associated to those programs.
It also ends processes belonging to the applications that provide updates for antivirus programs.
It prevents access to the websites of their companies.
Every six hours, Mitglieder.BO attempts to download a file from different web addresses. This file is detected by Panda Security as Downloader.BBN.
This Trojan also downloads and runs the worm Bagle.BN.
Mitglieder.BO is installed by a dropper type malware, which injects the executable file WINSHOST.EXE into the system process EXPLORER.EXE. This dropper is distributed via e-mail by the worm Bagle.BN itself.
Mitglieder.BO is difficult to recognize, as it does not display any messages or warnings that indicate it has reached the computer.