New virus worm alert ....


Postby Raiye » Sat, 28 May 2005 20:15:33 GMT

New virus doing the rounds - We contracted it here via hotmail, so it got 
through trends virus guard used by hotmail, got through avg with no probs, 
and delivered its payload

subjects of emails have been

party invite
attachment returned
you suck!

Contains a zip file 0.33mb in size

disables the following ...

cmd, regedit and taskman

Even safe boot with command prompt will freeze

Files delivered are party.scr and invite.pif, but the pif is hidden, and 
will not allow the file to be renamed to .txt; it puts the .pif back on the 
end of it - AVG will then flag suspicious activity but it doesn't know what.

Anybody know how to recover the disabled files without having to 
re-install - they are all still there - but are being trapped somehow

TpwUK 
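
An added example, not part of the original post: a mail-gateway style check that lists the members of a ZIP attachment whose extension Windows will execute, using the two file names reported above. The extension set, the depth limit and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Extensions Windows runs directly; .scr and .pif are the two named in the post.
# The rest of the set and the depth limit are assumptions for this example.
EXECUTABLE_EXTS = {".scr", ".pif", ".exe", ".com", ".bat", ".cmd", ".vbs", ".lnk"}
MAX_DEPTH = 3  # how far to follow archives nested inside archives


def risky_members(zip_bytes, depth=0, prefix=""):
    """Return sorted (member path, reason) pairs for one ZIP attachment."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return [(prefix or "<attachment>", "not a readable zip")]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            # Windows ignores trailing dots and spaces, so strip them first.
            name = info.filename.rsplit("/", 1)[-1].lower().rstrip(". ")
            ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
            if ext in EXECUTABLE_EXTS:
                findings.append((path, "executable extension " + ext))
            if info.flag_bits & 0x1:
                findings.append((path, "encrypted member, cannot be scanned"))
            elif ext == ".zip":
                if depth + 1 >= MAX_DEPTH:
                    findings.append((path, "nested archive too deep"))
                else:
                    inner = archive.read(info)
                    findings.extend(risky_members(inner, depth + 1, path + "!"))
    return sorted(findings)


def build_sample():
    """Constructed sample: harmless text stored under the names from the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("party.scr", "placeholder text, not a program")
        archive.writestr("invite.pif", "placeholder text, not a program")
        archive.writestr("notes.txt", "hello")
    return buf.getvalue()


if __name__ == "__main__":
    for path, reason in risky_members(build_sample()):
        print(path, "->", reason)
```
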



Re: New virus worm alert ....

Postby David H. Lipman » Sat, 28 May 2005 20:40:58 GMT

From: "Raiye" < XXXX@XXXXX.COM >

| New virus doing the rounds - We contracted it here via hotmail, so it got
| through trends virus guard used by hotmail, got through avg with no probs,
| and delivered its payload
|
| subjects of emails have been
|
| party invite
| attachment returned
| you suck!
|
| Contains a zip file 0.33mb in size
|
| disables the following ...
|
| cmd, regedit and taskman
|
| Even safe boot with command prompt will freeze
|
| Files delivered are party.scr and invite.pif, but the pif is hidden, and
| will not allow the file to be renamed to .txt; it puts the .pif back on the
| end of it - AVG will then flag suspicious activity but it doesn't know what.
|
| Anybody know how to recover the disabled files without having to
| re-install - they are all still there - but are being trapped somehow
|
| TpwUK
|

Please submit the ZIP file to Virus Total -- 
 http://www.**--****.com/ 
The submission will then be tested against 18 different AV vendors' scanners.

Another way to submit is to send the suspect file to the following email address
scan<at>virustotal.com
{ replace <at> with @ } with only the word SCAN as the subject.

Please post back the EXACT results.

-- 
Dave
 http://www.**--****.com/ 
 http://www.**--****.com/ 



Re: New virus worm alert ....

Postby Raiye » Sat, 28 May 2005 20:59:04 GMT

<snip>

VirusTotal is a free service offered by Hispasec Sistemas. There are no 
guarantees about the availability and continuity of this service. Although 
the detection rate afforded by the use of multiple antivirus engines is far 
superior to that offered by just one product, these results DO NOT guarantee 
the harmlessness of a file. Currently, there is not any solution that offers 
a 100% effectiveness rate for detecting viruses and malware.

 This is a report processed by VirusTotal on 05/27/2005 at 13:58:11 (CET) 
after scanning the file "File.zip" file.

      Antivirus    Version         Update      Result
      AntiVir      6.30.0.15       05.27.2005  no virus found
      AVG          718             05.27.2005  no virus found
      Avira        6.30.0.15       05.27.2005  no virus found
      BitDefender  7.0             05.27.2005  Win32.Dod.A@mm
      ClamAV       devel-20050501  05.27.2005  no virus found
      DrWeb        4.32b           05.27.2005  no virus found
      eTrust-Iris  7.1.194.0       05.26.2005  Win32/Mugly.M!Worm
      eTrust-Vet   11.9.1.0        05.27.2005  Win32.Mugly.L!ZIP
      Fortinet     2.27.0.0        05.27.2005  W32/Mugly.M-mm
      Ikarus       2.32            05.27.2005  no virus found
      Kaspersky    4.0.2.24        05.27.2005  Email-Worm.Win32.Wurmark.l
      McAfee       4500            05.26.2005  W32/Mugly.m@MM
      NOD32v2      1.1110          05.27.2005  Win32/Wurmark.L
      Norman       5.70.10         05.23.2005  no virus found
      Panda        8.02.00         05.27.2005  W32/Mugly.M.worm
      Sybari       7.5.1314        05.27.2005  no virus found
      Symantec     8.0             05.27.2005  W32.Picrate.C@mm
      VBA32        3.10.3          05.27.2005  Email-Worm.Win32.Wurmark.l
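
An added example, not part of the original post: parsing the report rows above to count detections and group the vendor labels by family word, which shows one sample carrying four different names across the engines that flagged it. The row pattern and the list of tokens treated as noise are assumptions made for this example.

```python
import re
from collections import defaultdict

# Rows copied from the VirusTotal report in the post above.
REPORT = """\
AntiVir 6.30.0.15 05.27.2005 no virus found
AVG 718 05.27.2005 no virus found
Avira 6.30.0.15 05.27.2005 no virus found
BitDefender 7.0 05.27.2005 Win32.Dod.A@mm
ClamAV devel-20050501 05.27.2005 no virus found
DrWeb 4.32b 05.27.2005 no virus found
eTrust-Iris 7.1.194.0 05.26.2005 Win32/Mugly.M!Worm
eTrust-Vet 11.9.1.0 05.27.2005 Win32.Mugly.L!ZIP
Fortinet 2.27.0.0 05.27.2005 W32/Mugly.M-mm
Ikarus 2.32 05.27.2005 no virus found
Kaspersky 4.0.2.24 05.27.2005 Email-Worm.Win32.Wurmark.l
McAfee 4500 05.26.2005 W32/Mugly.m@MM
NOD32v2 1.1110 05.27.2005 Win32/Wurmark.L
Norman 5.70.10 05.23.2005 no virus found
Panda 8.02.00 05.27.2005 W32/Mugly.M.worm
Sybari 7.5.1314 05.27.2005 no virus found
Symantec 8.0 05.27.2005 W32.Picrate.C@mm
VBA32 3.10.3 05.27.2005 Email-Worm.Win32.Wurmark.l
"""
ROW = re.compile(r"^(\S+)\s+(\S+)\s+(\d\d\.\d\d\.\d{4})\s+(.+)$")
# Platform and type tokens dropped when picking the family word (assumed list).
NOISE = {"win32", "w32", "email", "worm", "zip"}


def family(label):
    """Reduce a vendor label to its family word: 'W32/Mugly.m@MM' -> 'mugly'."""
    tokens = re.split(r"[^A-Za-z0-9]+", label.lower())
    words = [t for t in tokens if len(t) > 2 and t not in NOISE]
    return words[0] if words else label.lower()


def summarize(report):
    """Return (detections, engines, {family: [engine, ...]}) for a report."""
    families, engines = defaultdict(list), 0
    for line in report.splitlines():
        match = ROW.match(line.strip())
        if not match:
            continue  # header or blank line
        engines += 1
        engine, _version, _update, result = match.groups()
        if result.lower() != "no virus found":
            families[family(result)].append(engine)
    detections = sum(len(names) for names in families.values())
    return detections, engines, dict(families)
```
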



Re: New virus worm alert ....

Postby David H. Lipman » Sat, 28 May 2005 21:26:40 GMT

From: "Raiye" < XXXX@XXXXX.COM >


| This is a report processed by VirusTotal on 05/27/2005 at 13:58:11 (CET)
| after scanning the file "File.zip" file.
|
| Antivirus Version Update Result
| AntiVir 6.30.0.15 05.27.2005 no virus found
| AVG 718 05.27.2005 no virus found
| Avira 6.30.0.15 05.27.2005 no virus found
| BitDefender 7.0 05.27.2005 Win32.Dod.A@mm
| ClamAV devel-20050501 05.27.2005 no virus found
| DrWeb 4.32b 05.27.2005 no virus found
| eTrust-Iris 7.1.194.0 05.26.2005 Win32/Mugly.M!Worm
| eTrust-Vet 11.9.1.0 05.27.2005 Win32.Mugly.L!ZIP
| Fortinet 2.27.0.0 05.27.2005 W32/Mugly.M-mm
| Ikarus 2.32 05.27.2005 no virus found
| Kaspersky 4.0.2.24 05.27.2005 Email-Worm.Win32.Wurmark.l
| McAfee 4500 05.26.2005 W32/Mugly.m@MM
| NOD32v2 1.1110 05.27.2005 Win32/Wurmark.L
| Norman 5.70.10 05.23.2005 no virus found
| Panda 8.02.00 05.27.2005 W32/Mugly.M.worm
| Sybari 7.5.1314 05.27.2005 no virus found
| Symantec 8.0 05.27.2005 W32.Picrate.C@mm
| VBA32 3.10.3 05.27.2005 Email-Worm.Win32.Wurmark.l
|

Well there 'ya go. It is the W32/Mugly worm .M variant.
http://vil.nai.com/vil/content/v_130470.htm
http://vil.nai.com/vil/content/v_131359.htm

The worm is not new, the .M variant may be.

Dump the contents of the IE Temporary Internet Folder cache (TIF)
Start --> Settings --> Control Panel --> Internet Options --> Delete Files

Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
Tools --> Options --> Privacy --> Cache --> Clear


Download CLEAN.EXE from the URL --
http://www.ik-cs.com/programs/virtools/clean.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter
{ http://kixtart.org Kixtart is CareWare } three batch files, two Kixtart scripts, two Link
(.lnk) files and a PDF instruction file.

GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee Command Line
Scanner. You may have to disable your FireWall or allow FTP.EXE to go through your FireWall
to allow the FTP utility to download the needed files

CLEAN.BAT -- For running within Windows after running c:\mcafee\GetFiles.BAT. If you choose
to scan again at a future date, run this batch file. It will automatically check the date
of the McAfee DAT files and if it is a couple of days old, it will download (FTP) the latest
signature files and install them before performing the scan.

DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is using FAT32 after
you have booted from an Emergency Boot Disk or DOS disk and have already executed;
c:\mcafee\GetFiles.BAT from within Windows. DOS disk boot images can be obtained from;
http://www.bootdisk.com/bootdisk.htm

I need you to perform the following...

Execute; CLEAN.EXE
Choose; Unzip
Choose; Close

Execute; c:\mcafee\GetFiles.BAT
{ or Double-click on 'GetFiles Link' in c:\mcafee }

Reboot the PC into Safe Mode [F8 key during boot]

Shutdown as many applications as possible !
It would also help for you to read - "How to perform a clean boot in Windows XP"
http://support.microsoft.com/kb/310353

Execute; c:\mcafee\CLEAN.BAT
{ or Double-click on 'Clean Link' in c:\mcafee }

A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
end of the scan, it will be displayed in your browser (Opera, FireFox or I

Re: New virus worm alert ....

Postby David H. Lipman » Sat, 28 May 2005 22:57:55 GMT

From: "Raiye" < XXXX@XXXXX.COM >


|  This is a report processed by VirusTotal on 05/27/2005 at 13:58:11 (CET)
| after scanning the file "File.zip" file.
|
|       Antivirus Version Update Result
|       AntiVir 6.30.0.15 05.27.2005 no virus found
|       AVG 718 05.27.2005 no virus found
|       Avira 6.30.0.15 05.27.2005 no virus found
|       BitDefender 7.0 05.27.2005 Win32.Dod.A@mm
|       ClamAV devel-20050501 05.27.2005 no virus found
|       DrWeb 4.32b 05.27.2005 no virus found
|       eTrust-Iris 7.1.194.0 05.26.2005 Win32/Mugly.M!Worm
|       eTrust-Vet 11.9.1.0 05.27.2005 Win32.Mugly.L!ZIP
|       Fortinet 2.27.0.0 05.27.2005 W32/Mugly.M-mm
|       Ikarus 2.32 05.27.2005 no virus found
|       Kaspersky 4.0.2.24 05.27.2005 Email-Worm.Win32.Wurmark.l
|       McAfee 4500 05.26.2005 W32/Mugly.m@MM
|       NOD32v2 1.1110 05.27.2005 Win32/Wurmark.L
|       Norman 5.70.10 05.23.2005 no virus found
|       Panda 8.02.00 05.27.2005 W32/Mugly.M.worm
|       Sybari 7.5.1314 05.27.2005 no virus found
|       Symantec 8.0 05.27.2005 W32.Picrate.C@mm
|       VBA32 3.10.3 05.27.2005 Email-Worm.Win32.Wurmark.l
|

I received your email indicating that the McAfee Command Line Scanner removed the
W32/Mugly.m@MM as well as the W32/sdbot.worm.gen.t

-- 
Dave
 http://www.**--****.com/ 
 http://www.**--****.com/ 



Re: New virus worm alert ....

Postby Raiye » Sat, 28 May 2005 23:02:42 GMT

<snip>

Many thanks for the private mails - saves clogging the thread, excellent 
tips, and new lessons learnt

TpwUK




Re: New virus worm alert ....

Postby Crouchie1998 » Mon, 30 May 2005 07:28:46 GMT

Any virus seems to get through Hotmail. Just before Hotmail started to use
Trend they used McAfee online virus scanner & I proved to both Hotmail & to
McAfee that a virus was getting through the system on these 4 separate
occasions. Not long after, Hotmail changed its online scanner

Crouchie1998
BA (HONS) MCP MCSE



Re: New virus worm alert ....

Postby Crouchie1998 » Tue, 31 May 2005 13:53:21 GMT

Hoaxes start like this. If you think you have a new virus then submit it to
SARC or McAfee...

Crouchie1998
BA (HONS) MCP MCSE



Re: New virus worm alert ....

Postby David H. Lipman » Tue, 31 May 2005 22:01:01 GMT

From: "Crouchie1998" < XXXX@XXXXX.COM >

| Hoaxes start like this. If you think you have a new virus then submit it to
| SARC or McAfee...
|
| Crouchie1998
| BA (HONS) MCP MCSE
|

Actually it should be submitted to Virus Total.  The suspect will be tested against 18
different AV vendors' scanners and the suspect is distributed to all member vendors as well.
This includes Symantec and McAfee.

 http://www.**--****.com/ 

Based upon the resultant report, the submitter will know if it is truly new, if it is an
infector and what AV vendor's software recognizes the submission.

-- 
Dave
 http://www.**--****.com/ 
 http://www.**--****.com/ 



