nanog mailing list archives
Re: New Virus in the wild
From: Nils Ketelsen <nils.ketelsen () kuehne-nagel com>
Date: Tue, 18 Jan 2005 08:58:32 -0500
On Tue, Jan 18, 2005 at 02:48:55PM +0200, Gadi Evron wrote:
Nils Ketelsen wrote:I still have no clue what is causing this, but I am pretty clueless when it comes to Windows PCs anyway, and as you might have guessed: The PCs making these connections are windows machines.http://www.lurhq.com/baba.html Thanks go to Joe Stewart from lurhq.
No, not it. Close but not exactly. I seem to be encountering a different mutation of this Virus. First, the ports it is trying to connect to are 25000-26000, second the timestamp in the URL seems to be missing in the above description. True is, that the infected file seems to be C:\csrss.exe. According to McAfee Virus Scan (with the newest pattern file) this file was infected with buchon.c. But the description does not fully match either. Anyways: Killing the process and removing c:\csrss.exe helped. McAfee knows about this Virus since last week, but decided it was not worth an update of their regular patterns. Thank you for this policy of slow updates, I will see that I get a vendor that acts in time, I guess. Nils
Current thread:
- New Virus in the wild Nils Ketelsen (Jan 17)
- Re: New Virus in the wild Gadi Evron (Jan 17)
- Re: New Virus in the wild Nils Ketelsen (Jan 17)
- Re: New Virus in the wild Gadi Evron (Jan 17)
- Re: New Virus in the wild Gadi Evron (Jan 17)
- Re: New Virus in the wild Gadi Evron (Jan 19)
- Re: New Virus in the wild Gadi Evron (Jan 19)
- Re: New Virus in the wild Nils Ketelsen (Jan 19)
- Re: New Virus in the wild Jason Frisvold (Jan 19)
- Re: New Virus in the wild Nils Ketelsen (Jan 17)
- Re: New Virus in the wild Gadi Evron (Jan 17)