Results 1 to 7 of 7

Thread: Unknown Virus

  1. #1
    Funking Prink! Raz316's Avatar
    Join Date
    Jul 2003
    Location
    Deal, Kent, UK
    Posts
    2,978
    Thanks
    130
    Thanked
    62 times in 52 posts

    Unknown Virus

    Afternoon.

    From about 11 this morning, we have been getting emails in from random (though probably real) addresses. The only reason they were blocked at the mail server was because they contained .exe files. As far as I can tell the attachments are just randomly named...

    btpea.exe
    mcfptopht.exe
    fvkxh.exe
    idkkcqh.exe
    sjn.exe

    Any idea which virus this is? I had a look on Symantec.com but none of the newer ones describe randomly named attachments.

    ta!

  2. #2
    Spinal Pap Tomahawk's Avatar
    Join Date
    Jul 2003
    Location
    Bristol/Manchester Uni
    Posts
    1,002
    Thanks
    8
    Thanked
    13 times in 8 posts
    Could possibly be MyDoom as that renames attachments randomly....and it sends you loads of emails from different addresses...


    [ iTomaHawk | My Music MySpace ]

  3. #3
    Funking Prink! Raz316's Avatar
    Join Date
    Jul 2003
    Location
    Deal, Kent, UK
    Posts
    2,978
    Thanks
    130
    Thanked
    62 times in 52 posts
    Ta! Yeah it could be, but it would be wierd if it was because we have been blocking it (i.e. the Mailserver AV recognising it is MyDoom) for a while now.

  4. #4
    Comfortably Numb directhex's Avatar
    Join Date
    Jul 2003
    Location
    /dev/urandom
    Posts
    17,074
    Thanks
    228
    Thanked
    1,027 times in 678 posts
    • directhex's system
      • Motherboard:
      • Asus ROG Strix B550-I Gaming
      • CPU:
      • Ryzen 5900x
      • Memory:
      • 64GB G.Skill Trident Z RGB
      • Storage:
      • 2TB Seagate Firecuda 520
      • Graphics card(s):
      • EVGA GeForce RTX 3080 XC3 Ultra
      • PSU:
      • EVGA SuperNOVA 850W G3
      • Case:
      • NZXT H210i
      • Operating System:
      • Ubuntu 20.04, Windows 10
      • Monitor(s):
      • LG 34GN850
      • Internet:
      • FIOS
    zip it, password the zip as INFECTED, send it to virus_research@nai.com

    it might not be new, but at the very least they mail you back to tell you waht it was

    http://us.mcafee.com/root/faqs.asp?faq=453

  5. #5
    Funking Prink! Raz316's Avatar
    Join Date
    Jul 2003
    Location
    Deal, Kent, UK
    Posts
    2,978
    Thanks
    130
    Thanked
    62 times in 52 posts
    I may just do that, thanks. The e-mails are currently just deleted, so when I can be arsed to get up and wander to the server room I'll change whats needed to get a copy.

  6. #6
    Oh no!I've re-dorkalated! Jiff Lemon's Avatar
    Join Date
    Jul 2003
    Location
    Sunny MK
    Posts
    2,504
    Thanks
    80
    Thanked
    44 times in 41 posts
    Nope, variation of W32/Bagle-B.

    Description:
    W32/Bagle-B is a mass-mailing worm that also installs a back door server on compromised systems.The worm arrives in a message with the following characteristics:
    Subject line: ID <random characters>... thanks
    Message text:Yours ID <random characters>--Thank
    Attached file: <Randomly_generated_name>.exe
    When executed, it performs the following actions:
    Launches sndrec32.exe, the Windows Sound Recorder.
    Copies itself to %System%\au.exe.
    Adds the value: "au.exe"="%System%\au.exe" to the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runso that the worm runs when starting Windows.
    Adds the key: HKEY_CURRENT_USER\SOFTWARE\Windows2000
    The virus listens on TCP port 8866 for remote connections. A notification is sent to the author(s) via HTTP Port 80. A GET request (containing the port number and "id") is sent to a PHP script on remote server(s):www.47df.dewww.strato.deintern.games-ring.de·
    Note - W32/Bagle-B is coded to stop on February 25th, 2004.

  7. #7
    Funking Prink! Raz316's Avatar
    Join Date
    Jul 2003
    Location
    Deal, Kent, UK
    Posts
    2,978
    Thanks
    130
    Thanked
    62 times in 52 posts
    Ooo that be the one

    Thanks mr!

    EDIT> Just showed up on Symantec as W32.Alua@mm with a rating of 3 already : o
    Last edited by Raz316; 17-02-2004 at 06:06 PM.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. file eating monster: virus, XP or hard drive
    By justravis in forum PC Hardware and Components
    Replies: 16
    Last Post: 26-02-2009, 02:58 AM
  2. Is anti virus software worth it?
    By ives in forum Software
    Replies: 70
    Last Post: 17-08-2005, 06:43 PM
  3. The AOL virus :D
    By Alex in forum General Discussion
    Replies: 2
    Last Post: 07-02-2004, 04:10 AM
  4. Svchostc problems – possible virus
    By Jimmy Little in forum Software
    Replies: 10
    Last Post: 10-12-2003, 10:27 AM
  5. list@hexus virus spam
    By Swafe in forum Software
    Replies: 16
    Last Post: 24-08-2003, 03:51 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •