From Wikipedia, the free encyclopedia
Jump to: navigation, search

The BuluBebek virus is a computer worm that was first discovered on October 10, 2008. The virus is not exceptionally widespread, but rather has only infected small groups of computers. Related to the Kenshin, Doraemon, and Naturo viruses, the virus has infected computers in various parts of the world. It is written in a high level programming language, known as Visual Basic. The virus is only 53 KB in size and creates two files on the computers it infects, an EXE file and an INF file.


  • In order to prevent the computer user from recognizing the threat and removing it from the system, scripts are written to prevent the Task Manager from opening and to disable Registry Tools. Microsoft Visual Studio Debugging Tools are also targeted by these script, making it impossible for certain drivers to access this information. Unlike some more aggressive viruses, this worm is relatively bengin for the computers it manages to infect.
  • Experts guess that the writers of this particular virus likely did so simply for the fun of it, as it serves next to no purpose for the author of the worm. The only effects of infection that will be evident to the computer user are that files and folders may be hidden from view. This can occur both on the computer system itself and any flash media used with the machine.

Computer infections[edit]

The BuluBebek virus is not spread on the Internet like many other viruses, by primarily is transmitted to other systems through flash media drives. For this reason, the virus has thankfully remained relatively uncommon. Systems that are infected will pass the worm on if they access or create files on a flash drive that is in turn used in another system.[1] For this reason, it remains important for infected computer users to remove the offending files as quickly as possible.

Detection and removal[edit]

  • Fortunately, most major antivirus packages will recognize the BuluBebek virus if a full system scan is run.[2] When this occurs, the Antivirus software will quarantine suspicious files and notify the computer user of the issue at hand. If the user wishes to do so, the BuluBebek virus can also be removed from the infected system manually.[3]
  • In order to manually remove the virus, the computer user will need to disconnect from the Internet and temporarily disable System Restore. At this point, an alternative software program to Task Manager should be used to access the Running Process Memory. Here, the process can be killed permanently and specialized script can be entered to restore the registry to its original condition before the infection occurred on the machine.

See also[edit]


  1. ^ "Remove W32/VBWorm.QXE (bulubebek)". Istanto.net. Retrieved 2012-06-29. 
  2. ^ "Basic Tips on Detection and Removal of the BuluBebek Virus - Antivirus Education". Antivirus-edu.org. 2012-05-30. Retrieved 2012-06-29. 
  3. ^ "HeaT SeekeR: Bulubebek". Kuyau.blogspot.com. 2009-04-10. Retrieved 2012-06-29. 

External links[edit]