W32.Babybear@mm

W32.Babybear@mm is a worm written in Visual Basic. It spreads using email. Once activated, this worm damages the installations of Symantec antivirus products and may prevent them from running.

W32.Babybear@mm copies itself all over the system and creates many empty folders.



List of folders that are copied to the C drive:
C:\$nProgram Files\System
C:\2Coding7
C:\2Program Files\System
C:\3Coding51
C:\C2oding1
C:\C4oding67
C:\Cchoding74
C:\cCoding55
C:\cCoding67
C:\Ccoding74
C:\Ccodinllg74
C:\cCodlling67
C:\cCoduuing55
C:\Cczhoding74
C:\chCoding67
C:\Cjroding466
C:\Cnoding1
C:\Co2ding2
C:\Co4ding74
C:\Cod2ing3
C:\Codi2ng4
C:\Codi3ng11
C:\Codin2g5
C:\Codin3g23
C:\Codincg11
C:\Codincg23
C:\Codincgkk23
C:\Codincguu11
C:\Codinchg11
C:\Codincyg23
C:\Codinczyg23
C:\Coding1
C:\Coding11
C:\Coding12
C:\Coding142
C:\Coding17
C:\Coding2
C:\Coding23
C:\Coding23j
C:\Coding26
C:\Coding2c3
C:\Coding2ch3
C:\Coding3
C:\Coding31
C:\Coding331
C:\Coding4
C:\Coding411
C:\Coding42
C:\Coding432
C:\Coding44
C:\Coding44c
C:\Coding44j
C:\Coding466
C:\Coding4c2
C:\Coding4cy2
C:\Coding4czy2
C:\Coding4t4
C:\Coding5
C:\Coding51
C:\Coding51c
C:\Coding55
C:\Coding55t
C:\Coding5r1
C:\Coding6
C:\Coding67
C:\Coding67r
C:\Coding7
C:\Coding74
C:\Coding7n
C:\Coding7xn
C:\Codingc12
C:\Codingc12uu
C:\Codingc31
C:\Codingc31kk
C:\Codingch12
C:\Codingcy31
C:\Codingczy31
C:\Codingd2
C:\Codingd2yy
C:\Codingf1
C:\Codingn6
C:\Codingr42
C:\Codings3
C:\Codings4
C:\Codingsy4
C:\Codingt23
C:\Codingxn6
C:\Codingys3
C:\Codingyyf1
C:\Codinkkcg11
C:\Codinng4
C:\Codinng5
C:\Codinrg31
C:\Codintg12
C:\Codinxng5
C:\Codinycg11
C:\Codinygd2
C:\Codinzg466
C:\Codinzycg11
C:\Codinzzg67r
C:\Codirng23
C:\Codirng2xx3
C:\Coditng11
C:\Codixnng4
C:\Codiyngf1
C:\Codiyyng17
C:\Codizng55t
C:\Codizngsy4
C:\Codning3
C:\Codring11
C:\Codrinxxg11
C:\Codsing5
C:\Codsing5y
C:\Codsing6
C:\Codsinjjg6
C:\Codsizng5y
C:\Codsjjing5
C:\Codxning3
C:\Codzing4t4
C:\Codzingys3
C:\Codzzing5r1
C:\Cojjdings4
C:\Cojrding17
C:\Collding51c
C:\Conding2
C:\Cording17
C:\Cording1uu7
C:\Couuding44c
C:\Coxnding2
C:\Coyyding466
C:\Cozdingt23
C:\Cozdinygd2
C:\Croding466
C:\Crodinuug466
C:\Csoding7
C:\Csoding7jj
C:\Cysoding7
C:\Cysodinzg7
C:\czhCoding67
C:\Czodintg12
C:\Czodiyngf1
C:\Czzodingr42
C:\H2elp
C:\hCoding51cy
C:\hCoding51zcy
C:\Hechlp8
C:\Heclp8
C:\Heczhlp8
C:\Hel4p8
C:\Heljrp1
C:\Help
C:\Help1
C:\Help8
C:\Helrp1
C:\Helrp1uf
C:\Heslp
C:\Heyslp
C:\Hezyslp
C:\Hlueclp8
C:\Htelp8
C:\Htelpz8
C:\Hyelp1
C:\jcCoding55
C:\jjCodings3
C:\kkHeslp
C:\llCoding4c2
C:\nProgram Files\System
C:\Pro3gram Files\System1
C:\Progchra1m Files\System
C:\Progcra1m Files\System
C:\Progcuura1m Files\System
C:\Progdram Files\System1
C:\Progr4a1m Files\System
C:\Progra1m Files\System
C:\Program Files\System
C:\Program Files\System1
C:\Progrgam Files\System
C:\Progydram Files\System1
C:\Progyyrgam Files\System
C:\Progzydram Files\System1
C:\Prokkgdram Files\System1
C:\Protgra1m Files\System
C:\Protgraz1m Files\System
C:\Proygrgam Files\System
C:\Prrogram Files\System1
C:\Prroxxgram Files\System1
C:\rHelp
C:\tCoding17
C:\tCoding74
C:\tCodinzg17
C:\tCodizngzz74
C:\Th3e Sims
C:\The 2Sims
C:\The 4S1ims
C:\The jr2Sims
C:\The r2Sims
C:\The rddaljflajflkjorjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjjj2Sims
C:\The S1ims
C:\The Sims
C:\Thec S1ims
C:\Thech S1ims
C:\Theczzh S1ims
C:\Thes Sims
C:\Theuuc S1ims
C:\Theys Sims
C:\Thezys Sims
C:\Thkes Sims
C:\Thte S1ims
C:\Thte Sz1ims
C:\Thye 2Sims
C:\Thye 2Szims
C:\Thyye 2Sims
C:\Trhe Sims
C:\Trxxhe Sims
C:\uuCoding2c3
C:\xxrHelp
C:\yCodsing6
C:\yCodsizng6
C:\yyCoding55
C:\yyHelp1
C:\zCodinrg31
C:\zCoditng1z1
C:\zProygrgam Files\System