Hello!

You’re about to visit our web page in English
Would you like to continue?

Yes, I want to visit the web page in English No, I want to visit the web page in

If this is not what you’re looking for,

Visit our Welcome Page!

Panda Security

Merry Christmas!

This offer ends in:

0 0

Hours

0 0

Minutes

0 0

Seconds

-60%

Special Offer: Renew with a 60% discount

Forgot your customer ID? Click here

-60%
Panda Security

Merry Christmas!

-60% on all Panda Dome products

-60%
Buy
My Account

Virus Encyclopedia

Welcome to the Virus Encyclopedia of Panda Security.

Bymer

 
Threat LevelModerate threat
DamageHigh
DistributionNot widespread

At a glance

Common name:Bymer
Technical name:W32/Bymer
Threat level:Low
Alias:W32.HLLW.Bymer, Worm.Bymer.a
Type:Worm
Effects:  It does not carry out destructive actions in the computers it infects.

First detected on:Aug. 22, 2002
Detection updated on:Oct. 2, 2002
StatisticsNo

Brief Description 

    

Bymer is a worm that spreads rapidly through computer networks.

Apart from its huge capacity to spread, Bymer does not carry out any destructive actions in the computers it infects.

Visible Symptoms 

    

Bymer does not give any clear indication that it has reached or infected a computer.

Tech details

Effects

Bymer has been programmed to spread to other computers through networks.

Infection strategy 

Bymer follows the infection routine below:

  • It searches for IP addresses at random.
  • When it finds an IP address that allows access to the  C: drive of a computer, the virus copies itself to the Windows/System directory under the following name: WININIT.EXE.
  • Bymer will not spread to computers where the Windows/System directory does not exist (for example computers running under Windows NT, Windows 2000, etc.).

Bymer creates the following files:

  • DNETC.EXE and DNETC.INI, which are part of the RC5 application (distributed client process), not of the worm. Although Bymer installs these files, they are not part of it, which means that these files are not dangerous.

Bymer modifies the following file:

  • WIN.INI, to which it adds the following value:
    [windows]
    load=C:\ WINDOWS\ SYSTEM\ WININIT.EXE
    When the infected computer is restarted, Bymer deletes the value it inserted in the  WIN.INI file and creates the following entries in the Windows Registry:
  • HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ Run bymer.scanner = "c:\ windows\ system\ wininit.exe"
    By modifying this entry, Bymer ensures it is run every time the computer is started up.
  • HKEY_LOCAL_MACHINE\ Software\ Microsoft\ Windows\ CurrentVersion\ RunServices distributed.net.client "C:\ WINDOWS\ SYSTEM\ dnetc.exe" -hide""
    With this entry, Bymer ensures the RC5 application is run without the user realizing.

Means of transmission 

Bymer mainly spreads through computer networks using TCP/IP connections.

Solution

See solution

Anytech logo

Call us 24/7 and get a FREE DIAGNOSIS

+1 (323) 395 2630

logo
Panda Security, a WatchGuard Technologies brand, offers the most advanced protection for your family and business. Its Panda Dome range provides maximum security against viruses, ransomware and computer espionage, and is compatible with Windows, Mac, Android and iOS.
    About Panda
    Company Info Reviews Awards and certifications Panda Worldwide Blog Security Info
    Home Users
    Panda Dome portfolio Customer Login Page Online Antivirus Downloads Free Antivirus Free VPN Offers
    Business - WatchGuard Technologies
    WatchGuard Endpoint Security Network Security Authpoint MFA Secure Wi-Fi Partners
    Visa Master Card Maestro Pay Pal Apple Pay
    Bank Transfer iDeal Klarna
    Privacy Policy Legal Notice Cookie Policy Return Policy