RE: Possible worm infection or something else?
From: Fraser Morris (frasermorris74_at_hotmail.com)
Date: 12/09/03
- Previous message: Mark Harris: "RE: Messenger service abuse (from inside the network)"
- In reply to: Jimi Thompson: "Re: Possible worm infection or something else?"
To: "Jimi Thompson" <jimit@myrealbox.com>, <security-basics@securityfocus.com>
Date: Tue, 9 Dec 2003 11:23:00 -0000
I cleared an Agobot worm from a client's machine last week with those
symptoms; take a look at:
W32/Agobot-BD
http://www.sophos.com/virusinfo/analyses/w32agobotbd.html
W32/Agobot-BE
http://www.sophos.com/virusinfo/analyses/w32agobotbe.html
W32/Agobot-BF
http://www.sophos.com/virusinfo/analyses/w32agobotbf.html
W32/Agobot-BH
http://www.sophos.com/virusinfo/analyses/w32agobotbh.html
HTH, Fraser
-----Original Message-----
From: Jimi Thompson [mailto:jimit@myrealbox.com]
Sent: 06 December 2003 00:29
To: security-basics@securityfocus.com
Cc: focus-virus@securityfocus.com
Subject: Re: Possible worm infection or something else?
Sounds more like spyware than a virus if your AV software isn't catching
anything. Try running SpyBot or Adaware.
HTH,
Jimi
Giancarlo Ballestracci - IT & Technical Support wrote:
>Hi The Group,
>I hope someone can give me good advice about this problem. I have a notebook
>with multiboot startup (2 Win2k, 1 WinXP). On the first partition (Win2k),
>svchost.exe takes 100% of the CPU's resources. The system is regularly
>patched (SP4 and all the latest hotfixes), personal firewall and antivirus
>clients updated. Scans with Symantec and Trend Micro have found nothing.
>I've tried to shut down all the services possible, without good results. I've
>also removed the last six applications installed: nothing happens. Only in
>safe mode (clear...) does the CPU work fine.
>Is it possible that a (new) worm is sleeping inside the client? Initially, I
>thought about a Blaster Worm... I've also checked the system registry, but
>there is nothing strange in the RUN key of LOCAL MACHINE.
>
>Can anybody enlighten me?
>
>Thanks in advance
>
>Giancarlo
>IT Manager