RE: Somebody saw this trojan ?

From: Fabrizio Siciliano (fsiciliano@optiumcorp.net)
Date: 10/07/02


Date: Mon, 7 Oct 2002 12:54:15 -0500
From: "Fabrizio Siciliano" <fsiciliano@optiumcorp.net>
To: "Bassam ALHUSSEIN" <bhussein@scs-net.org>, <focus-virus@securityfocus.com>

Looks like you got hit with the BugBear worm.

Go here to get a fix: http://securityresponse.symantec.com/avcenter/venc/data/w32.bugbear@mm.removal.tool.html

After you fix it..re-install your AV software.

FVS

> -----Original Message-----
> From: Bassam ALHUSSEIN [mailto:bhussein@scs-net.org]
> Sent: Saturday, October 05, 2002 5:14 PM
> To: focus-virus@securityfocus.com
> Cc: SECURITY-BASICS@securityfocus.com
> Subject: Somebody saw this trojan ?
>
>
> Hello ..
>
> I have received an e-mail today that is not supposed to be
> sent to me (they were calling somebody else that I don't know
> ..). When I read the mail with Outlook Express I noticed that
> the popup window of downloading the attachment is invoked
> rapidly (Slow computer) without asking for "Open" or "Save
> as" ... Well, I have some basic concepts about viruses and
> security. I am using NAV 2001 with the virus definitions of
> 16/09/2002 and it generally scans the incoming emails. But
> after reading that email I noticed that NAV is not running
> !!! With Ctrl-Alt-Del I didn't see any "Strange" running
> program. On a command prompt I wrote : netstat -an and I found :
> TCP 0.0.0.0:36794 0.0.0.0:0 LISTENING
> I think it could be a trojan horse listening on the port 36794
> .. I ran NAV manually to scan my system...but it (NAV) soon
> shut down. I ran a free "Process Viewer" and then I noticed a
> "strange" running program with the name "Hfyj.exe", so I
> killed it. With the "Regedit" I deleted the key that was
> invoking this program in :
> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
>
> I deleted the exe file and when I rebooted I noticed that it
> is always there and that Nav is not running. I killed the
> program again ..deleted the registry key... ran Nav to scan
> the exe file but it said that it is not infected !!!
>
> Help.. The Resident Evil is always here and running ...
>
> Note : the mail was sent from a fake address ....and I didn't
> find the "To: " statement in the header ....How could it
> come to me without the "To :" statement.
>
> what about sending the exe file to Symantec ???
>
>
> thanx
>
>
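
Added example, not part of the original thread: a small Python check that automates the `netstat -an` inspection described in the quoted message by listing TCP listeners that are absent from a known-good baseline. The sample output is constructed around the one line quoted in the post, and `EXPECTED_PORTS` is an assumed allow-list for a hypothetical host.

```python
import re

# Constructed sample of Windows `netstat -an` output.
# Only the 0.0.0.0:36794 line comes from the post; the rest is illustrative.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:36794          0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:1045      192.168.1.1:80         ESTABLISHED
  UDP    0.0.0.0:445            *:*
"""

# Assumption: ports this host is expected to listen on (hypothetical baseline).
EXPECTED_PORTS = {135, 139, 445}

# Matches "TCP <local addr>:<port> <foreign addr> LISTENING"; also works for "[::]:135".
LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s*$")


def tcp_listeners(netstat_text):
    """Return (address, port) for every TCP socket in LISTENING state."""
    found = []
    for line in netstat_text.splitlines():
        match = LINE_RE.match(line)
        if match:
            found.append((match.group(1), int(match.group(2))))
    return found


def unexpected_listeners(netstat_text, expected_ports):
    """Return listeners missing from the baseline, noting off-host reachability."""
    report = []
    for address, port in tcp_listeners(netstat_text):
        if port in expected_ports:
            continue
        loopback_only = address.startswith("127.") or address == "[::1]"
        report.append({"address": address, "port": port,
                       "remote_reachable": not loopback_only})
    return report


if __name__ == "__main__":
    for entry in unexpected_listeners(SAMPLE_NETSTAT, EXPECTED_PORTS):
        print(entry)
```

A listener bound to `0.0.0.0` on a port outside the baseline, as in the post, is the case to investigate first because it accepts connections from other hosts.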


