Security Basics mailing list archives
RE: Possible worm infection or something else?
From: "Fraser Morris" <frasermorris74 () hotmail com>
Date: Tue, 9 Dec 2003 11:23:00 -0000
I cleared an Agobot worm from a client's machine last week with those symptoms, take a look at

W32/Agobot-BD http://www.sophos.com/virusinfo/analyses/w32agobotbd.html
W32/Agobot-BE http://www.sophos.com/virusinfo/analyses/w32agobotbe.html
W32/Agobot-BF http://www.sophos.com/virusinfo/analyses/w32agobotbf.html
W32/Agobot-BH http://www.sophos.com/virusinfo/analyses/w32agobotbh.html

HTH,
Fraser

-----Original Message-----
From: Jimi Thompson [mailto:jimit () myrealbox com]
Sent: 06 December 2003 00:29
To: security-basics () securityfocus com
Cc: focus-virus () securityfocus com
Subject: Re: Possible worm infection or something else?

Sounds more like spyware than a virus if your AV software isn't catching anything. Try running SpyBot or Adaware.

HTH,
Jimi

Giancarlo Ballestracci - IT & Technical Support wrote:
Hi The Group,

I hope someone can give me some good advice about this problem. I have a notebook with multiboot startup (2 Win2k, 1 WinXP). On the first partition, Win2k, svchost.exe takes 100% of the CPU's resources. The system is regularly patched (SP4 and all the latest Hot Fixes), and the personal firewall and antivirus clients are updated. Scans with Symantec and Trend Micro have found nothing. I've tried to shut down all the services possible, without good result. I've also removed the last six applications installed: nothing happened. Only in safe mode (clear...) does the CPU work fine. Is it possible that a (new) worm is sleeping inside the client? Initially, I thought about a Blaster Worm... I've also checked the system registry, but there is nothing strange in the RUN key of LOCAL MACHINE. Can anybody enlighten me?

Thanks in advance

Giancarlo
IT Manager