new? virus

 
jgmoyay

(Msg. 1) Posted: Mon Jul 14, 2003 1:01 am
Post subject: new? virus
Archived from groups: alt>comp>virus

Hello. A trojan has arrived on my computer, and it can't be detected by
McAfee (v. 6, latest DATs) or Norton (online version).

Subject: Fernando Alonso Miente
Body:
sera verdad?

Attachment:
MySQL-checker.zip

Contains an .EXE with lines like these:

C:\Archivos de programa\ #(Spanish "program files" path)
KMD\My Shared Folder
Kazaa\My Shared Folder
Kazaa Lite\My Shared Folder
LimeWire\Shared
Gnucleus\Downloads
Gnucleus\Downloads\Incoming
Shareaza\Downloads
BearShare\Shared
Edonkey2000\Incoming
Edonkey Incoming
Morpheus\My Shared Folder
Grokster\My Grokster
ICQ\Shared Files
My Music
My Documents\My Music
My Downloads

So I suspect it could be a virus or trojan.

Blevins

(Msg. 2) Posted: Mon Jul 14, 2003 1:02 am
Post subject: Re: new? virus
Imported from groups: per prev. post

This message is not archived

jgmoyay

(Msg. 3) Posted: Mon Jul 14, 2003 2:58 am
Post subject: Re: new? virus
Archived from groups: per prev. post

Kaspersky finds nothing.
McAfee webimmune heuristically detects a virus.



"Blevins" <Blevins DeleteThis @mchsi.com> wrote in message
news:chr3hvk5l32pvvarhqbje96jonjamucrgm@4ax.com...
> On Mon, 14 Jul 2003 01:01:59 +0200, "jgmoyay"
> <jgmoyayQUITAESTO DeleteThis @ya.com> wrote:
>
> >So I suspect it could be a virus or trojan
>
>
> Go to www.kaspersky.com and use their online file checker. In any
> case, send it to the AV lab of your choice for analysis.
>
Blevins

(Msg. 4) Posted: Mon Jul 14, 2003 2:58 am
Post subject: Re: new? virus
Imported from groups: per prev. post

This message is not archived
Nick FitzGerald

(Msg. 5) Posted: Mon Jul 14, 2003 4:35 pm
Post subject: Re: new? virus
Archived from groups: per prev. post

"Blevins" <Blevins.DeleteThis@mchsi.com> wrote to "jgmoyay":

[Posted and Emailed...]

> >McAfee webimmune heuristically detects a virus.
>
> Copy whichever file it states is infected, zip archive it and send it
> to the various AV labs for analysis.

Further to Bill's advice, here is a list of the sample submission addresses of
the better known AV developers -- at a minimum, send it to those whose products
you use or prefer (sending it to more than one is a good idea even if you only
use one product):

Command Software <virus.DeleteThis@commandcom.com>
Computer Associates (US) <virus.DeleteThis@ca.com>
Computer Associates (Vet/EZ) <ipevirus.DeleteThis@vet.com.au>
DialogueScience (Dr. Web) <Antivir.DeleteThis@dials.ru>
Eset (NOD32) <sample.DeleteThis@nod32.com>
F-Secure Corp. <samples.DeleteThis@f-secure.com>
Frisk Software (F-PROT) <viruslab.DeleteThis@f-prot.com>
Grisoft (AVG) <virus.DeleteThis@grisoft.cz>
H+BEDV (AntiVir): <virus.DeleteThis@antivir.de>
Kaspersky Labs <newvirus.DeleteThis@kaspersky.com>
Network Associates (McAfee) <virus_research.DeleteThis@nai.com>
Norman (NVC) <analysis.DeleteThis@norman.no>
Sophos Plc. <support.DeleteThis@sophos.com>
Symantec (Norton) <avsubmit.DeleteThis@symantec.com>
Trend Micro (PC-cillin) <virus_doctor.DeleteThis@trendmicro.com>
(Trend may only accept files from registered users of its products)


--
Nick FitzGerald
jgmoyay

(Msg. 7) Posted: Mon Jul 14, 2003 4:35 pm
Post subject: Re: new? virus
Archived from groups: per prev. post

Thanks. I sent it to some AV labs, but in many of them I was unable to find
the sample-submission address.
Bye!



"Nick FitzGerald" <nick.TakeThisOut@virus-l.demon.co.uk> wrote in message
news:3f12331d@clear.net.nz...
> "Blevins" <Blevins.TakeThisOut@mchsi.com> wrote to "jgmoyay":
>
> [Posted and Emailed...]
>
> > >McAfee webimmune heuristically detects a virus.
> >
> > Copy whichever file it states is infected, zip archive it and send it
> > to the various AV labs for analysis.
>
> Further to Bill's advice, here is a list of the sample submission addresses of
> the better known AV developers -- at a minimum, send it to those whose products
> you use or prefer (sending it to more than one is a good idea even if you only
> use one product):
>
> --
> Nick FitzGerald
>
>
jgmoyay

(Msg. 8) Posted: Mon Jul 14, 2003 4:35 pm
Post subject: Re: new? virus
Archived from groups: per prev. post

c.b. of es.comp.virus has sent samples to F-Prot and Kaspersky, and these
companies have included it in their daily updates.
JMar827

(Msg. 9) Posted: Tue Jul 15, 2003 2:52 am
Post subject: Re: new? virus
Archived from groups: per prev. post

Try the active scan on www.pandasoftware.com, another source of protection.
Nick FitzGerald

(Msg. 10) Posted: Tue Jul 15, 2003 7:37 pm
Post subject: Re: new? virus
Archived from groups: per prev. post

"jgmoyay" <jgmoyayQUITAESTO RemoveThis @ya.com> wrote:

> c.b. of es.comp.virus has sent samples to F-Prot and Kaspersky, and these
> companies have included it in their daily updates.

What name have they given it? What does it do?


--
Nick FitzGerald
jgmoyay

(Msg. 11) Posted: Tue Jul 15, 2003 7:37 pm
Post subject: Re: new? virus: Responses
Archived from groups: per prev. post

Here are some responses from AV software companies (in reverse chronological order):

Symantec: no malicious code found
Panda: This malware only copies itself into P2P directories, but does not
propagate further.
eTrust EZ Antivirus: (Worm.P2P.Kamadina) (W32/Silka.worm)
Sophos: W95/SillyP2P-A.
norman.no: This is a P2P worm, but it's very language specific
F-Secure: new P2P (peer-to-peer) worm.

I suppose Symantec's response is due to the limited "damage" done by the virus. Once
executed, it will only try to propagate itself, destroying nothing.

Panda's analyst read my Spanish post saying this could be a joke made by
another es.comp.virus member. After reading it, he noticed the limited
behaviour of the worm.

norman.no says "very language specific" because the virus will try to copy itself
into:
C:\archivos de programa\emule\incoming,
but not into:
C:\program files\emule\incoming.

But I think a lamer could fix this to propagate the virus around UK/US-locale
computers.

I think Sophos's name is very expressive.

"Nick FitzGerald" <nick.RemoveThis@virus-l.demon.co.uk> wrote in message
news:3f13af3e@clear.net.nz...
> "jgmoyay" <jgmoyayQUITAESTO.RemoveThis@ya.com> wrote:
>
> > c.b. of es.comp.virus has sent samples to F-Prot and Kaspersky, and these
> > companies have included it in their daily updates.
>
> What name have they given it? What does it do?
>
>
> --
> Nick FitzGerald
>
>
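
Added example, not part of the original thread or any poster's code: a static triage check built on the two observations above, the shared-folder strings listed in the first post and the hard-coded Spanish root noted in the vendor responses. The function name, the three-client threshold and both sample byte strings are assumptions made for this illustration.

```python
# Relative shared-folder paths quoted in the first post, keyed by P2P client.
# Generic names from the same list ("My Music", "My Downloads") are left out
# because ordinary software references them too.
P2P_SHARE_PATHS = {
    "KMD": r"KMD\My Shared Folder",
    "Kazaa": r"Kazaa\My Shared Folder",
    "Kazaa Lite": r"Kazaa Lite\My Shared Folder",
    "LimeWire": r"LimeWire\Shared",
    "Gnucleus": r"Gnucleus\Downloads",
    "Shareaza": r"Shareaza\Downloads",
    "BearShare": r"BearShare\Shared",
    "Edonkey2000": r"Edonkey2000\Incoming",
    "Morpheus": r"Morpheus\My Shared Folder",
    "Grokster": r"Grokster\My Grokster",
    "ICQ": r"ICQ\Shared Files",
}
# Localized "Program Files" roots contrasted in the thread.
ROOTS = {"es": r"C:\Archivos de programa", "en": r"C:\Program Files"}


def _contains(haystack: bytes, text: str) -> bool:
    """Case-insensitive search for text stored as ASCII or UTF-16LE."""
    t = text.lower()
    return t.encode("ascii") in haystack or t.encode("utf-16-le") in haystack


def triage(data: bytes, threshold: int = 3) -> dict:
    """Flag a binary that hard-codes share folders of several P2P clients."""
    hay = data.lower()  # bytes.lower() folds ASCII letters only
    clients = sorted(c for c, p in P2P_SHARE_PATHS.items() if _contains(hay, p))
    roots = sorted(k for k, r in ROOTS.items() if _contains(hay, r))
    # Score on the relative paths; the localized root is reported, not required,
    # so a variant built for another locale still trips the check.
    return {"clients": clients, "roots": roots,
            "suspicious": len(clients) >= threshold}


# Constructed sample inputs (not the real attachment): string tables only.
SAMPLE_WORM_LIKE = b"MZ\x90\x00" + b"\x00".join([
    b"C:\\Archivos de programa\\", b"Kazaa\\My Shared Folder",
    b"LimeWire\\Shared", "Morpheus\\My Shared Folder".encode("utf-16-le"),
    b"Edonkey2000\\Incoming"])
SAMPLE_BENIGN = (b"MZ\x90\x00C:\\Program Files\\Player\x00My Music\x00"
                 b"LimeWire\\Shared")
```

A hit here is a reason to submit the file for analysis, as the thread advises, not a verdict on its own.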