Security Incidents mailing list archives
FW: [Fwd: Possible new Trojan.]
From: Antti Hakulinen <Antti.Hakulinen () FI FLEXTRONICS COM>
Date: Thu, 2 Nov 2000 16:46:22 +0200
-----Original Message-----
From: Alexey Podrezov [SMTP:Alexey.Podrezov () F-Secure com]
Sent: 2 November 2000 16:04
To: Tiina Virta
Cc: samples () F-Secure com; Antti Hakulinen
Subject: Re: [Fwd: Possible new Trojan.]

Hello,
I am very curious about this newly obtained file, which probably is a new trojan/backdoor of some sort. Could you scan and search the file? At least Antivirus version 4.21 doesn't see anything in it, but some unlucky ones at incidents () securityfocus com don't agree. It has infected some computers already.
This is a new IRC trojan/backdoor. We detect it with the latest updates. The ZIP file you sent to us doesn't contain the actual trojan body that is TEMP.EXE. To clean your system you must find and delete the TEMP.EXE file and all other files that you put in the ZIP package when sending to us. Also there should be a dropper of this trojan somewhere - a self-extracting archive as an EXE file. If you locate it, please send it to us.

Regards,

Alexey Podrezov - Alexey.Podrezov () F-Secure com
Anti-Virus Research and Development Team
F-Secure Corp., PL 24, FIN-02231 Espoo, Finland
Tel: +358 9 859 900, direct: +358 9 8599 0602
Fax: +358 9 8599 0599, direct: +358 9 8599 0802
WEB: http://www.Europe.F-Secure.com/
Current thread:
- FW: [Fwd: Possible new Trojan.] Antti Hakulinen (Nov 05)