Security Basics mailing list archives

re: New Virus?
From: "meowbaby" <9mv7615ts9er3rg8tr2hjn02 () sneakemail com>
Date: 29 Jun 2005 02:01:10 -0000

http://us.mcafee.com/virusInfo/default.asp?id=description&virus_k=129512

McAfee says it's one of the Bagle variants. Virus Profile: W32/Bagle.dldr

-- Update 27 June, 2005--
The spamming from yesterday continues today, with filenames such as:

    * ds-rwe.exe
    * f5434.exe

The typical subject line of these messages is "The picture is sent on SMS"
Detection requirements for these 2 files are the same as yesterday, DAT version 4522.

Note: Stinger has not been updated for either of these two spammings, as these two updates were not classified as Medium or above severity.

-- Update 26 June, 2005--
There was another round of mass-spamming, of a new Bagle downloader. Messages may contain an attachment with one of the following names:

    * Legs.zip
    * original.zip
    * In_park.zip

The ZIP files contain a file named f22-013.exe (36,864 bytes)
MD5: 0x3f123980866092fedd6bc75e9b273087

This new variant is detected in the 4522 DAT files.

*****

I'd try HouseCall (Trend Micro) or McAfee online scanners to see if they can rid you of the pestilence, in Safe Mode with Networking mode, before formatting/reinstalling.


-------------------- BEGIN SNIP---------------------

As you can guess, I'm hamish1 () webhosting net nz 
This email contained no text, only an attachment called legs.zip, which 
Norton (fully updated to its latest version and data files) did not detect 
any viruses in.
Within the legs.zip file there is a file called ds-rwe.exe - this again was 
not detected as a virus.
My girlfriend thought she would be smart and ran ds-rwe.exe, which gave me a 
memory overflow message for explorer.exe immediately.
Does anyone have any idea of what this might be, and also if it is a virus 
that has already been identified? If not, I am willing to pass it through to 
someone to take a look at in its zip format.
Otherwise if the effects cannot be reversed, I am afraid I will have to 
reformat this machine *sigh* NOT AGAIN :(
Have a great day everyone and thanks in advance for your help.

-------------------- END SNIP-----------------------
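
Added example, not part of the original post or of McAfee's write-up: a triage check that inspects a ZIP attachment in memory and flags members by the filenames and MD5 quoted above, and by a plain "executable inside a ZIP" rule that still fires when the scanner's signatures lag, as in the quoted report. The extension list, the size cap and the sample archive (harmless text bytes) are constructed assumptions.

```python
import hashlib
import io
import zipfile

# Indicators quoted in the McAfee updates in this thread.
KNOWN_NAMES = {"ds-rwe.exe", "f5434.exe", "f22-013.exe"}
KNOWN_MD5 = {"3f123980866092fedd6bc75e9b273087"}
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".cpl")  # assumed policy list
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # assumed cap on declared size before hashing


def triage_zip(data, known_md5=KNOWN_MD5, known_names=KNOWN_NAMES):
    """Return findings for a ZIP attachment without writing members to disk."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = info.filename.replace("\\", "/").rsplit("/", 1)[-1].lower()
            reasons = []
            if base.endswith(EXEC_EXT):
                reasons.append("executable-in-zip")
            if base in known_names:
                reasons.append("known-filename")
            digest = None
            if info.file_size <= MAX_MEMBER_BYTES:
                digest = hashlib.md5(zf.read(info)).hexdigest()
                if digest in known_md5:
                    reasons.append("known-md5")
            else:
                reasons.append("oversized-not-hashed")
            if reasons:
                findings.append({"member": info.filename, "size": info.file_size,
                                 "md5": digest, "reasons": reasons})
    return findings


def build_sample_zip():
    """Constructed, harmless sample: text bytes under a filename from the thread."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ds-rwe.exe", b"constructed placeholder, not malware")
        zf.writestr("readme.txt", b"hello")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample_zip()):
        print(finding)
```
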

