Spyware, viruses, & security : VIRUS ALERTS - April 22, 2004

by Marianna Schmudlach Moderator - 4/22/04 7:03 AM
Post 31 of 39

Re:Troj/Agent-L

by bigisle - 5/14/04 1:42 AM In reply to: Troj/Agent-L by Marianna Schmudlach Moderator

Aloha, I have this worm on my computer.
Can you please direct me for directions to get it
off? Norton did not pick it up. But House Call Trend Micro did.
It was unable to clean it or delete it however.
I have pursued the trojan link you give below. From this URL:
http://www.sophos.com/virusinfo/analyses/trojagentl.html
Is it sufficient to go into the registry and delete the following:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SysUpd

AND

HKCU\Software\Microsoft\SysUpd.

Today is May 14th. I hope it is not too late to contact you about this and you can reply as soon as possible. Thank you,
Antoinette
islandantoinette@earthlink.net
OS is
I have a Pentium 4
Run Windows XP Home Edition
512 RAM
HD 30
HD 80
Flat Panel 15" Monitor Neovo Brand
Lexmark 3 in 1 printer
Apollo Printer (HP knock off)

Post 32 of 39

Re:Re:Troj/Agent-L

by Donna Buenaventura Moderator - 5/14/04 1:53 AM In reply to: Re:Troj/Agent-L by bigisle

Hi,

You are using Windows XP, which has the System Restore feature. You should disable System Restore, because antivirus programs cannot clean or remove the infected file if the file is located in the Restore folder.

Go to http://www.pchell.com/virus/systemrestore.shtml for instructions on how to disable System Restore.

With regards to removing the above-mentioned trojan, as per Sophos:

Click Start|Run. Type 'Regedit' and press OK. The registry editor opens.

Before you edit the registry, you should make a backup. On the 'Registry' menu, click 'Export Registry File'. In the 'Export range' panel, click 'All', then save your registry as Backup.

Locate the HKEY_LOCAL_MACHINE entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SysUpd

and delete it if it exists.

Close the registry editor.
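
As an added example, not from this thread or from Sophos: a PowerShell script that performs the same back-up, locate and delete steps against the two locations named in the question (the SysUpd value under the HKLM Run key and the HKCU\Software\Microsoft\SysUpd key), reporting only unless -Remove is given. It assumes Windows PowerShell with administrator rights; the value name and key paths are the ones quoted in the thread, and the script records the file path the Run value points to so the antivirus scan can be aimed at that file.

```powershell
# Added example, not from the thread. Audits the two registry locations named in
# the question and removes them only when -Remove is passed (default: report only).
param(
    [string]$ValueName = 'SysUpd',   # value name quoted from the Sophos analysis
    [switch]$Remove                  # without this switch nothing is changed
)

$runKey  = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$dataKey = 'HKCU:\Software\Microsoft\SysUpd'

# 1. Back up first, the scripted equivalent of Regedit's "Export Registry File".
$backup = Join-Path $env:USERPROFILE ("Run-backup-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
reg.exe export 'HKLM\Software\Microsoft\Windows\CurrentVersion\Run' $backup /y | Out-Null
Write-Host "Run key exported to $backup"

# 2. Locate the autostart value. -ErrorAction SilentlyContinue yields $null when absent.
$runEntry = Get-ItemProperty -Path $runKey -Name $ValueName -ErrorAction SilentlyContinue
if ($runEntry) {
    # The value data is the command the trojan runs at logon; that file is what
    # the antivirus scan (with System Restore disabled) still needs to deal with.
    Write-Host "Found $runKey\$ValueName -> $($runEntry.$ValueName)"
    if ($Remove) {
        Remove-ItemProperty -Path $runKey -Name $ValueName
        Write-Host "Removed $ValueName from the Run key"
    }
} else {
    Write-Host "$ValueName not present in $runKey"
}

# 3. The HKCU key from the question holds the trojan's own data; report or remove it too.
if (Test-Path $dataKey) {
    Write-Host "Found $dataKey"
    if ($Remove) {
        Remove-Item -Path $dataKey -Recurse
        Write-Host "Removed $dataKey"
    }
} else {
    Write-Host "$dataKey not present"
}
```

Run it once without -Remove to see what is present, then again with -Remove after the backup file has been written.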

Post 33 of 39

Troj/IEStart-H

by Marianna Schmudlach Moderator - 4/22/04 10:30 AM In reply to: VIRUS ALERTS - April 22, 2004 by Marianna Schmudlach Moderator

Aliases
TrojanClicker.VBS.Krepper, VBS/IEstart.gen.e, VBS_RANDPOP.A

Type
Trojan

At the time of writing, Sophos has received just one report of this Trojan from the wild.

Description
A detailed analysis will be published here shortly. Please check again later.

http://www.sophos.com/virusinfo/analyses/trojiestarth.html

Post 34 of 39

Re: Troj/IEStart-H

by AHawkes - 7/1/04 10:20 AM In reply to: Troj/IEStart-H by Marianna Schmudlach Moderator

I just got this trojan so hopefully sophos can update their site to say that they have more than one report from the wild!

Post 35 of 39

Re: Troj/IEStart-H

by Marianna Schmudlach Moderator - 7/1/04 10:26 AM In reply to: Re: Troj/IEStart-H by AHawkes

This was an alert for April 22, 2004 - I BET they have gotten MUCH more in the meantime :(

Post 36 of 39

Panda Software reports a spam message that downloads a Trojan

by Marianna Schmudlach Moderator - 4/22/04 10:36 AM In reply to: VIRUS ALERTS - April 22, 2004 by Marianna Schmudlach Moderator

Madrid, April 22 2004 - PandaLabs has detected a spam message currently being sent to users which tries to get recipients to visit an advertising page and which also downloads a Trojan to users' computers.

The characteristics of the message are:

From: the name of the sender is variable, although it tries to make recipients think it has been sent by the BBC or CNN.

Subject: "Osama Bin Laden Captured",

Message text: "Hey, Just got this from CNN, Osama Bin Laden has been captured! Goto the link below to view the pics and to download the video if you so wish: (Internet address) "Murderous coward he is". God bless America!".

The address indicated in the message takes users to what appears to be an advertising page. However, the page contains code that exploits a vulnerability (detected by Panda antivirus as Exploit/MIE.CHM). The code also downloads and runs a file (detected as VBS/Psyme.C). Finally, a file called EXPLOIT.EXE, which contains the Trojan Trj/Small.B, is downloaded from the Internet onto users' machines.

Post 37 of 39

Backdoor.Berbew.D

by Marianna Schmudlach Moderator - 4/22/04 6:08 PM In reply to: VIRUS ALERTS - April 22, 2004 by Marianna Schmudlach Moderator

Discovered on: April 21, 2004
Last Updated on: April 22, 2004 10:41:15 AM

Backdoor.Berbew.D is a Backdoor Trojan horse that attempts to steal cached passwords.

Note: Virus definitions released April 21, 2004 detect this threat as Backdoor.Padodor.

Also Known As: Backdoor.Padodor.e [Kaspersky]
Variants: Backdoor.Berbew, Backdoor.Berbew.B, Backdoor.Berbew.C
Type: Trojan Horse

More: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.berbew.d.html

Post 38 of 39

W32.Gaobot.ADN

by Marianna Schmudlach Moderator - 4/22/04 6:10 PM In reply to: VIRUS ALERTS - April 22, 2004 by Marianna Schmudlach Moderator

Discovered on: April 21, 2004
Last Updated on: April 22, 2004 10:32:47 AM

W32.Gaobot.ADN is a minor variant of W32.Gaobot.SY. This worm attempts to spread through network shares that have weak passwords and allows attackers to access an infected computer using a predetermined IRC channel.

The worm uses multiple vulnerabilities to spread, including:

The DCOM RPC vulnerability (described in Microsoft Security Bulletin MS03-026) using TCP port 135.
The WebDav vulnerability (described in Microsoft Security Bulletin MS03-007) using TCP port 80.
The Workstation service buffer overrun vulnerability (described in Microsoft Security Bulletin MS03-049) using TCP port 445. Windows XP users are protected against this vulnerability if Microsoft Security Bulletin MS03-043 has been applied. Windows 2000 users must apply MS03-049.
The Microsoft Messenger Service Buffer Overrun Vulnerability (described in Microsoft Security Bulletin MS03-043)
The Locator service vulnerability (described in Microsoft Security Bulletin MS03-001) using TCP port 445. The worm specifically targets Windows 2000 computers with this exploit.
The UPnP vulnerability (described in Microsoft Security Bulletin MS01-059).
The vulnerabilities in Microsoft SQL Server 2000 or MSDE 2000 audit (described in Microsoft Security Bulletin MS02-061) using UDP port 1434.
Sending itself to the backdoor port that the Beagle family of worms opens.
Sending itself to the backdoor port that the Mydoom family of worms opens.

This threat may be compressed with BJFNT.

Type: Worm

More: http://securityresponse.symantec.com/avcenter/venc/data/w32.gaobot.adn.html

Post 39 of 39

Trojan.Mercurycas.A

by Marianna Schmudlach Moderator - 4/22/04 6:11 PM In reply to: VIRUS ALERTS - April 22, 2004 by Marianna Schmudlach Moderator

Discovered on: April 22, 2004
Last Updated on: April 22, 2004 10:34:03 AM

Trojan.Mercurycas.A is a Trojan horse that allows an infected computer to be used as an email relay.

The Trojan is written in C++ and is packed with UPX.

Type: Trojan Horse

More: http://securityresponse.symantec.com/avcenter/venc/data/trojan.mercurycas.a.html
