RE: Possible worm infection or something else?

From: Fraser Morris (frasermorris74_at_hotmail.com)
Date: 12/09/03

  • Next message: Joseph Blade: "eTrust Inoculate 7.0 SP1 problems"
    To: "Jimi Thompson" <jimit@myrealbox.com>, <security-basics@securityfocus.com>
    Date: Tue, 9 Dec 2003 11:23:00 -0000
    
    

    I cleared an Agobot worm from a client's machine last week with those
    symptoms; take a look at:

    W32/Agobot-BD
    http://www.sophos.com/virusinfo/analyses/w32agobotbd.html
    W32/Agobot-BE
    http://www.sophos.com/virusinfo/analyses/w32agobotbe.html
    W32/Agobot-BF
    http://www.sophos.com/virusinfo/analyses/w32agobotbf.html
    W32/Agobot-BH
    http://www.sophos.com/virusinfo/analyses/w32agobotbh.html

    HTH, Fraser

    -----Original Message-----
    From: Jimi Thompson [mailto:jimit@myrealbox.com]
    Sent: 06 December 2003 00:29
    To: security-basics@securityfocus.com
    Cc: focus-virus@securityfocus.com
    Subject: Re: Possible worm infection or something else?

    Sounds more like spyware than a virus if your AV software isn't catching
    anything. Try running SpyBot or Adaware.

    HTH,

    Jimi

    Giancarlo Ballestracci - IT & Technical Support wrote:

    >Hi The Group,
    >I hope someone can give me good advice about this problem. I have a notebook
    >with multiboot startup (2 Win2k, 1 WinXP). On the first Win2k partition,
    >svchost.exe takes 100% of the CPU's resources. The system is regularly
    >patched (SP4 and all the latest hotfixes), and the personal firewall and
    >antivirus clients are updated. Scans with Symantec and Trend Micro have
    >found nothing. I've tried to shut down all the services possible, without
    >good results. I've also removed the last six applications installed:
    >nothing happened. Only in safe mode (clear...) does the CPU work fine.
    >Is it possible that a (new) worm is sleeping inside the client? Initially, I
    >thought about a Blaster worm... I've also checked the system registry, but
    >there is nothing strange in the RUN key of LOCAL MACHINE.
    >
    >Can anybody enlighten me?
    >
    >Thanks in advance
    >
    >Giancarlo
    >IT Manager

    --
    Virus scanned by edNET.
    ---
    Incoming mail is certified Virus Free.
    Checked by AVG anti-virus system (http://www.grisoft.com).
    Version: 6.0.545 / Virus Database: 339 - Release Date: 27/11/2003
    
