Security Basics mailing list archives
Re: New Virus?
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Wed, 29 Jun 2005 01:52:19 +0200
On 2005-06-27 Hamish Stanaway wrote:
> I received a mysterious email this morning at 1728 GMT which had headers as follows:

[...]

> As you can guess, I'm hamish1 () webhosting net nz. This email contained no text, only an attachment called legs.zip, which Norton (fully updated to its latest version and data files) did not detect any viruses in. Within the legs.zip file there is a file called ds-rwe.exe - this again was not detected as a virus. My girlfriend thought she would be smart and ran ds-rwe.exe, which gave me a memory overflow message for explorer.exe immediately. Does anyone have any idea of what this might be, and also if it is a virus that has already been identified? If not, I am willing to pass it through to someone to take a look at in its zip format.

The file names and headers don't mean much. I would suggest you test the (original) file on [1]. If that doesn't give any insight: send it to the AV vendor of your choice. Most of them provide an e-mail address for this purpose (Nick FitzGerald posts a list of them from time to time, e.g. [2]).

HTH

> Otherwise if the effects cannot be reversed, I am afraid I will have to reformat this machine *sigh* NOT AGAIN :(

Well, reinstalling is always your best (read as "safest") bet when dealing with compromised hosts. Sorry.

focus-virus would have been a more appropriate list for this kind of request, BTW.

[1] http://www.virustotal.com/
[2] http://www.securityfocus.com/archive/100/366231

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches becoming available."
--Jason Coombs on Bugtraq