VBS.BubbleBoy - Removal

Risk Level 1: Very Low

Discovered: November 9, 1999
Updated: February 13, 2007 11:33:09 AM
Also Known As: VBS/BubbleBoy@MM [McAfee], I-Worm.BubbleBoy [AVP], VBS_BUBBLEBOY [Trend], VBS/BubbleBoy.Worm [CA], VBS/BubbleBoy [Panda], VBS/BubbleBoy-A [Sophos]
Type: Worm, Virus
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
CVE References: CVE-1999-0668


To remove this worm:
  1. Delete the following files:

    C:\Windows\Start Menu\Programs\StartUp\Update.hta
    C:\Windows\Menú Inicio\Programas\Inicio\Update.
  2. Restore the following registry keys to their proper values:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RegisteredOwner
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RegisteredOrganization
  3. Remove the following registry key:

    HKLM\Software\OUTLOOK.BubbleBoy\

    NOTE: Not removing this key will actually prevent the worm from propagating again.
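
The three removal steps above as an offline triage check. This is an added example, not Symantec's tooling: it parses a regedit text export and a file listing and reports the indicators named on this page. The function names, the choice of export format and the sample data are assumptions; the sample values are constructed placeholders.

```python
import re

# Indicators copied from the removal steps on this page.
STARTUP_FILE = r"C:\Windows\Start Menu\Programs\StartUp\Update.hta"
# The page truncates the second path after "Update.", so only that prefix is matched.
STARTUP_PREFIX = r"C:\Windows\Menú Inicio\Programas\Inicio\Update."
MARKER_KEY = r"HKEY_LOCAL_MACHINE\Software\OUTLOOK.BubbleBoy"  # page writes HKLM\...
OWNER_KEY = r"HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion"
OWNER_VALUES = ("registeredowner", "registeredorganization")

# Constructed sample input (placeholder values, not taken from a real system).
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion]
"RegisteredOwner"="EXAMPLE-OWNER"
"RegisteredOrganization"="EXAMPLE-ORG"
"ProgramFilesDir"="C:\\Program Files"

[HKEY_LOCAL_MACHINE\Software\OUTLOOK.BubbleBoy]
'''
SAMPLE_FILES = [r"C:\Windows\Start Menu\Programs\StartUp\Update.hta",
                r"C:\Windows\notepad.exe"]

def parse_reg(text):
    """Parse a regedit text export into {key_lower: {value_name_lower: string_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].rstrip("\\").lower(), {})
        elif current is not None:
            # Only quoted string values are needed for this check.
            m = re.match(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)
            if m:
                current[m.group(1).lower()] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def audit(reg_text, file_listing):
    """Report startup files to delete, marker key presence, and owner values to review."""
    keys = parse_reg(reg_text)
    marker, prefix = MARKER_KEY.lower(), STARTUP_PREFIX.lower()
    files = [f.strip() for f in file_listing if f.strip()]
    hits = [f for f in files
            if f.lower() == STARTUP_FILE.lower() or f.lower().startswith(prefix)]
    current_version = keys.get(OWNER_KEY.lower(), {})
    return {"startup_files": hits,
            "marker_key_present": any(k == marker or k.startswith(marker + "\\") for k in keys),
            "owner_values": {n: current_version.get(n) for n in OWNER_VALUES}}

if __name__ == "__main__":
    for name, value in audit(SAMPLE_REG, SAMPLE_FILES).items():
        print(name, "=", value)
```

The owner values are reported as found, for comparison against what the machine's owner expects; the page does not state what the worm writes there.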

Prevention Information

Microsoft has provided a patch that prevents the worm from propagating when an infected email is viewed in Outlook. Security Response recommends downloading this patch from the following Web site:

http://www.microsoft.com/technet/security/bulletin/ms99-032.asp

Also, Symantec Security Response recommends monitoring the following Web site for any Microsoft security updates:

http://www.microsoft.com/security/default.asp

Writeup By: Eric Chien