Re: i think i found a new virus in Security

Re: i think i found a new virus in Security http://www.dslreports.com/forum/r13422377 en Tue, 08 Dec 2009 17:20:03 EDT Tue, 08 Dec 2009 17:20:03 EDT Re: i think i found a new virus http://www.dslreports.com/forum/remark,13442043 LAB70 : even zonealarm w/av got it.]]> http://www.dslreports.com/forum/remark,13442043 Wed, 18 May 2005 22:40:13 EDT Re: i think i found a new virus http://www.dslreports.com/forum/remark,13433693 bcool : I'm happy to report that even NAV2003 did its thing!
--
"in flagrante delicto"

dusty ol' NAV2003

]]> http://www.dslreports.com/forum/remark,13433693 Tue, 17 May 2005 23:05:43 EDT Re: i think i found a new virus http://www.dslreports.com/forum/remark,13432880 RayMorris : SAV Got it too.

]]> http://www.dslreports.com/forum/remark,13432880 Tue, 17 May 2005 21:30:33 EDT Re: i think i found a new virus http://www.dslreports.com/forum/remark,13432509 lawrence171 : AntiVir Personal Edition also have detected it.]]> http://www.dslreports.com/forum/remark,13432509 Tue, 17 May 2005 20:48:36 EDT Re: i think i found a new virus http://www.dslreports.com/forum/remark,13431083 lol2004 : [ General information ]
* File might be compressed.
* File length: 60053 bytes.

[ Changes to filesystem ]
* Creates file C:\WINDOWS\mgs.exe.
* Deletes file 1.

[ Changes to registry ]
* Creates key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon".
* Sets value "Shell"="Explorer.exe C:\WINDOWS\MGS.EXE" in key "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon".
* Creates value "Windows Service Manager"="C:\WINDOWS\MGS.EXE" in key "HKLM\Software\Microsoft\Windows\CurrentVersion\Run".

[ Network services ]
* Connects to "ftpd.there3d.com" on port 4888 (TCP).
* Connects to IRC Server.
* Sends data stream (55 bytes) to remote address "ftpd.there3d.com", port 4888.

[ Process/window information ]
* Creates a mutex mgs.exe.
* Will automatically restart after boot (I'll be back...).]]> http://www.dslreports.com/forum/remark,13431083 Tue, 17 May 2005 17:52:55 EDT Re: i think i found a new virus http://www.dslreports.com/forum/remark,13430267 mboy : Kav nail'd it as did Panda.]]> http://www.dslreports.com/forum/remark,13430267 Tue, 17 May 2005 16:19:13 EDT Re: i think i found a new virus http://www.dslreports.com/forum/remark,13427016 HA Nut : As of 8am CDT in the US, NOD32, PC-cillin and Vet still do not detect this virus. (These are the AV's we use at work.) Hopefully soon... :)]]> http://www.dslreports.com/forum/remark,13427016 Tue, 17 May 2005 09:19:15 EDT Re: i think i found a new virus http://www.dslreports.com/forum/remark,13425187 redxii : I tracked the virus using RegMon. It does a major traverse of the registry. I only found the following to be edited by the file (keep in mind this log was done under a limited account):

687 4.64690685 untitled.jpg.ex:1960 SetValue HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed SUCCESS BD 44 69 7E 34 27 02 7E ...

I have no clue what that does, however.

Also, it created up to 3000 or more new files in the Windows directory. I am unable to find where exactly in the Windows folders these files are stored. If I find out then I will post. These files were not created when I ran it under a limited account.
--
Asus A7N8X-X, Athlon XP 2400+ @ 2.0GHz, 1024MB DDR RAM (@ PC2100), GeForce FX 5600Ultra 128MB, Samsung SD-616T 16x DVD-ROM and Sony CRX215E1 48x24x48 CD-RW, 40GB & 120GB HDD. Windows Security Blog]]> http://www.dslreports.com/forum/remark,13425187 Mon, 16 May 2005 23:45:03 EDT Re: i think i found a new virus http://www.dslreports.com/forum/remark,13423631 lol2004 : w32/sdbot.worm.gen.bh
it doesnt have write out yet i think]]> http://www.dslreports.com/forum/remark,13423631 Mon, 16 May 2005 20:47:41 EDT Re: i think i found a new virus http://www.dslreports.com/forum/remark,13423397 redxii : Does McAfee have a writeup of the virus? And the name too.]]> http://www.dslreports.com/forum/remark,13423397 Mon, 16 May 2005 20:21:17 EDT Re: i think i found a new virus http://www.dslreports.com/forum/remark,13423248 lol2004 : i did it mcafee send me this file it worked dat installed it scanning for that stupid virus]]> http://www.dslreports.com/forum/remark,13423248 Mon, 16 May 2005 20:03:13 EDT Re: i think i found a new virus http://www.dslreports.com/forum/remark,13423134 lol2004 : what do i do with that stupid .dat

Extra.zip 2,647 bytes
(Extra.dat)

]]> http://www.dslreports.com/forum/remark,13423134 Mon, 16 May 2005 19:49:40 EDT Re: i think i found a new virus http://www.dslreports.com/forum/remark,13422984 kpatz :

said by Quex

:

F-Prot nailed it, despite its failure to detect anything in the jotti screenshot.

F-prot is detecting this worm heuristically; perhaps Jotti has heuristics turned off on F-prot.
--
SMTP: Spam and Malware Transfer Protocol. Also used on rare occasion to transmit e-mail messages.]]> http://www.dslreports.com/forum/remark,13422984 Mon, 16 May 2005 19:30:12 EDT Re: i think i found a new virus http://www.dslreports.com/forum/remark,13422849 QS : ya mcafee enterprise 8 with latest dat's doesn't detect it as a badee. Not like mcafee to be so slow]]> http://www.dslreports.com/forum/remark,13422849 Mon, 16 May 2005 19:13:38 EDT Re: i think i found a new virus http://www.dslreports.com/forum/remark,13422712 lol2004 : im waiting for a new sandbox email......................]]> http://www.dslreports.com/forum/remark,13422712 Mon, 16 May 2005 18:58:57 EDT Re: i think i found a new virus http://www.dslreports.com/forum/remark,13422597 amysheehan :

said by lol2004

:

but mcafee doesnt detest this is diffent from all of viruses andf it added a mgs.exe to the %systemroot%

This tool is useful if Virustotal or Jotti didn't find anything, but you are still suspicious about a file. You pick a file to upload and the tool watches it run on a test (sandbox) system. Then the tool sends a report on what it saw.

»sandbox.norman.no/live_4.html (Norman AV's SandBox analysis tool)

Interpreting the report requires some expertise, so post the sandbox results in this thread.

If the sandbox analysis does find something the other tools missed, it will be something very new.

:)]]> http://www.dslreports.com/forum/remark,13422597 Mon, 16 May 2005 18:45:26 EDT Re: i think i found a new virus http://www.dslreports.com/forum/remark,13422520 KyeU : F-Prot also detects it ^_^

EDIT: Quex posted before me :D

F-Prot

]]> http://www.dslreports.com/forum/remark,13422520 Mon, 16 May 2005 18:36:58 EDT Re: i think i found a new virus http://www.dslreports.com/forum/remark,13422494 Quex : F-Prot nailed it, despite its failure to detect anything in the jotti screenshot.]]> http://www.dslreports.com/forum/remark,13422494 Mon, 16 May 2005 18:35:08 EDT Re: i think i found a new virus http://www.dslreports.com/forum/remark,13422491 lol2004 : but mcafee doesnt detest this is diffent from all of viruses andf it added a mgs.exe to the %systemroot%]]> http://www.dslreports.com/forum/remark,13422491 Mon, 16 May 2005 18:34:33 EDT Re: i think i found a new virus http://www.dslreports.com/forum/remark,13422402 lol2004 : i send it them all 30 antivirus maker thx you, you guys are the best]]> http://www.dslreports.com/forum/remark,13422402 Mon, 16 May 2005 18:25:21 EDT Re: i think i found a new virus http://www.dslreports.com/forum/remark,13422377 kpatz : NAV detects it:

»securityresponse.symantec.com/av···m.a.html

W32.Allim.A is a worm that spreads a variant of the W32.Spybot.Worm through America Online Instant Messenger (AIM).
--
SMTP: Spam and Malware Transfer Protocol. Also used on rare occasion to transmit e-mail messages.

]]> http://www.dslreports.com/forum/remark,13422377 Mon, 16 May 2005 18:22:39 EDT Re: i think i found a new virus http://www.dslreports.com/forum/remark,13422294 SpannerITWks : Hi, i just DW it from your link. It doesn't appear to to be unheard of, except by KAV/NOD and a few others at Jottis Online Scan ?

One of the interesting things is that my AVG picked it up Straightaway ! I'm well pleased with them.

Spanner
--
I Only Know What I Know But I'm Learning all The Time - Stay Safe - Spanner intheWorks /SpannerITWks

Virus-1

]]> http://www.dslreports.com/forum/remark,13422294 Mon, 16 May 2005 18:13:53 EDT Re: i think i found a new virus http://www.dslreports.com/forum/remark,13422111 habya : Best to submit it to the AV vendors.

»Security »I think my computer is infected or hijacked. What should I do?

Edit: just saw the above post I was a little late in typing.]]> http://www.dslreports.com/forum/remark,13422111 Mon, 16 May 2005 17:53:53 EDT Re: i think i found a new virus http://www.dslreports.com/forum/remark,13422107 Faram : Submit suspected malware

It is only on the top of the forum.]]> http://www.dslreports.com/forum/remark,13422107 Mon, 16 May 2005 17:53:24 EDT i think i found a new virus http://www.dslreports.com/forum/remark,13422077 lol2004 : my freind sent me a exe file he said scan this with my antivirus and then no virus so i open this file and two reg line came added this %sytemroot%\mgs.exe %sytemroot%\expolorer.exe to the start up and here the link to this file h**p://myweb.cableone.net/jaross15/untitled%5B1%5D.jpg.exe
tt in the ** for protestion
i need help plz
srry for my bad english
and btw i use mcafee]]> http://www.dslreports.com/forum/remark,13422077 Mon, 16 May 2005 17:49:26 EDT