new Gaobot variant??
From: PHiL M. (_at_.com.hk)
Date: 04/29/04
- Next message: Dmitriy Kopnichev: "Re: How to turn off the "File System Real-time Protection" in Symantec Antivirus Corporate Edition?"
- Previous message: MikeFu: "Re: Trojan horse PWS.Agent.H"
- Next in thread: S. Pidgorny
: "Re: new Gaobot variant??" - Reply: S. Pidgorny
: "Re: new Gaobot variant??" - Reply: Karl Levinson [x y] mvp: "Re: new Gaobot variant??"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 29 Apr 2004 13:16:09 +0800
I come across a few Windows XP computers with the following symptoms and
haven't been able to identify the virus type correctly.
1. Runs SCVHOST.exe on startup.
2. Downloads EXE files to C: root.
3. Blocks access to antivirus programs websites using HOSTS.
4. Disables antivirus program's online/auto protection service.
5. Some even reported LSASS.exe error and shuts down in 60 seconds (but
not sure if it is related to the others).
The only virus I know that can do some of the above is W32.Gaobot or a
variant of it, but I cannot find info on one variant that has at least
all symptoms from #1 - #4.
Have I identified the virus correctly? Thanks.
- Next message: Dmitriy Kopnichev: "Re: How to turn off the "File System Real-time Protection" in Symantec Antivirus Corporate Edition?"
- Previous message: MikeFu: "Re: Trojan horse PWS.Agent.H"
- Next in thread: S. Pidgorny
: "Re: new Gaobot variant??" - Reply: S. Pidgorny
: "Re: new Gaobot variant??" - Reply: Karl Levinson [x y] mvp: "Re: new Gaobot variant??"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
