Found this on my PC today, bastid to get rid of, only IRC I use is meginjarder, so just a heads up to look out for it!
Virus type: Worm
Destructive: No
Aliases: W32.Spybot.Worm, Worm.P2P.SpyBot.gen, Win32.HLLW.SpyBot, Worm.SpyBot.BH
Pattern file needed: 629
Scan engine needed: 6.150
Overall risk rating: Low
--------------------------------------------------------------------------------
Reported infections: Low
Damage Potential: High
Distribution Potential: Medium
--------------------------------------------------------------------------------
Description:
This memory-resident worm propagates via network shares and has several backdoor capabilities.
It connects to an Internet Relay Chat (IRC) server where it receives the following commands from a remote user to process on the compromised machine:
Steal Windows cached passwords
Remotely activate a key logger
Act as HTTP Web page server
Open and close CD-ROM tray
Scan ports
Download file(s)
Perform Denial of Service (DOS) attack against other systems
List and terminate running processes
List system information
Browse files on the compromised system
Execute a file remotely
It allows a malicious user to install copies of itself in several startup folders using the following file names:
BRITNEY_SPEARS_GAME.EXE
FILE.EXE
EXPLORER.EXE
To make the cleanup difficult, it terminates the following processes:
NETSTAT.EXE
TASKMGR.EXE
MSCONFIG.EXE
REGEDIT.EXE
This UPX-compressed worm runs on Windows 95, 98, ME, NT, 2000, and XP systems.
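Added example, not part of the original post or the vendor description: a Python check for the indicators listed above, namely the three file names in startup folders and UPX section names in the file's PE header. The function names and the `make_sample_pe` stub are constructed for illustration, and the folders to scan are supplied by the caller.

```python
import os
import struct
import sys

# File names the description above lists for the worm's startup-folder copies.
WORM_NAMES = {"BRITNEY_SPEARS_GAME.EXE", "FILE.EXE", "EXPLORER.EXE"}

def pe_section_names(data):
    """Return the PE section names found in raw bytes, or [] if not a PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return []
    pe_off, = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 24:
        return []
    n_sections, = struct.unpack_from("<H", data, pe_off + 6)
    opt_size, = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                       # first section header
    names = []
    for i in range(n_sections):
        raw = data[table + 40 * i: table + 40 * i + 8]
        if len(raw) < 8:
            break                                        # truncated section table
        names.append(raw.rstrip(b"\0").decode("ascii", "replace"))
    return names

def scan_startup_dirs(dirs):
    """Return sorted (path, upx_packed) pairs for files named like the worm."""
    hits = []
    for d in dirs:
        for root, _, files in os.walk(d):
            for name in files:
                if name.upper() in WORM_NAMES:           # Windows names ignore case
                    path = os.path.join(root, name)
                    with open(path, "rb") as fh:
                        head = fh.read(4096)             # headers sit at the start
                    upx = any(s.startswith("UPX") for s in pe_section_names(head))
                    hits.append((path, upx))
    return sorted(hits)

def make_sample_pe(sections):
    """Constructed test input: a header-only PE stub with the given sections."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)     # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    table = b"".join(s.encode().ljust(8, b"\0") + b"\0" * 32 for s in sections)
    return dos + b"PE\0\0" + coff + table

if __name__ == "__main__":
    for path, upx in scan_startup_dirs(sys.argv[1:]):
        print(path, "UPX-packed" if upx else "not UPX-packed")
```

A name match inside a startup folder is the primary signal, since the genuine EXPLORER.EXE lives in the Windows directory; UPX packing alone is common in legitimate software and only corroborates it.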
WARNING!!! IRC Possible Virus Carrier
Re: WARNING!!! IRC Possible Virus Carrier
http://securityresponse.symantec.com/av ... .worm.html
Kazsam wrote: Found this on my PC today, bastid to get rid of, only IRC i use is meginjarder, so just a heads up to look out for it!
This article only mentions mIRC as a possible IRC client to be used by the worm. Anyway, caution is also advised when using MJ, ElComs, dIRCal, ...
It also mentions the KAZAA network as a possible distributor. Do you use KAZAA?
According to that article the worm had been discovered April 16th.
So the latest update of the antivirus software you hopefully use should already be able to block/handle that worm?!
Trekman the Axeman - Senior Skullsplitter and Master Of Slaughter (http://mj.lastdynasty.net/stats/meginch ... the+Axeman)
Prim Trekmansun - Archer