Security Incidents mailing list archives

FW: [Fwd: Possible new Trojan.]


From: Antti Hakulinen <Antti.Hakulinen () FI FLEXTRONICS COM>
Date: Thu, 2 Nov 2000 16:46:22 +0200

--


-----Original Message-----
From:   Alexey Podrezov [SMTP:Alexey.Podrezov () F-Secure com]
Sent:   2 November 2000 16:04
To:     Tiina Virta
Cc:     samples () F-Secure com; Antti Hakulinen
Subject:        Re: [Fwd: Possible new Trojan.]


Hello,

I am very curious about this newly obtained file, which probably is a new
trojan/backdoor of some sort.
Could you scan and search the file?
At least Antivirus version 4.21 doesn't see anything in it, but some unlucky
ones at incidents () securityfocus com don't agree.
It has infected some computers already.

This is a new IRC trojan/backdoor. We detect it with the latest updates. The
ZIP file you sent to us doesn't contain the actual trojan body that is
TEMP.EXE. To clean your system you must find and delete the TEMP.EXE file
and all other files that you put in the ZIP package when sending to us. Also
there should be a dropper of this trojan somewhere - a self-extracting
archive as an EXE file. If you locate it, please send it to us.
                                Regards,

_________________________________________________________________
 ____________
 \   ______//     Alexey Podrezov - Alexey.Podrezov () F-Secure com
  \  \\____             Anti-Virus Research and Development Team
   \   __//      F-Secure Corp., PL 24, FIN-02231 Espoo, Finland
    \  \\        Tel: +358 9 859 900,   direct: +358 9 8599 0602
     \ //        Fax: +358 9 8599 0599, direct: +358 9 8599 0802
      \/                    WEB: http://www.Europe.F-Secure.com/
_________________________________________________________________

