Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: new NT worm

From: Nexus <nexus () PATROL I-WAY CO UK>
Date: Fri, 29 Dec 2000 15:53:57 -0000
Might be a version of the following - rough guess made on the information
you provided, but I'm no AV guru ;-)

http://www.f-secure.com/v-descs/beast.htm

Failing that, you may like to try searching here for particular signature
that you may find with further investigation.

http://www.symantec.com/avcenter/vinfodb.html
http://vil.nai.com/vil/default.asp

I had a quick look myself, but couldn't find any ref's to the missing files
:(

Regards,
            JJ

----- Original Message -----
From: "e lee" <leewme () EXCITE COM>
To: <INCIDENTS () SECURITYFOCUS COM>
Sent: Friday, December 29, 2000 8:32 AM
Subject: new NT worm



Hi,

a friend of mine has reported the following problem on his NT network:

1. a number of NT machines on the network were suddenly unusable

2. a further check found that two important system files were deleted:
HAL.DLL and NTOSKRNL.exe

3. there is an incomplete a-virus log complains of i.exe, j.exe and 1.exe,
but the log file was not available.

4. use a-virus sw to scan but doesn't report any problem

the worm is spreading fast on the network, probably through email or

shared

file.

Anyone has any idea of this problem? is it a new worm? any suggestions are
highly appreciated.






_______________________________________________________
Send a cool gift with your E-Card
http://www.bluemountain.com/giftcenter/



____________________________________________
http://1cis.com
Free E-mail Servers with unlimited mailboxes
1st Class Internet Solutions
Previous By Date Next
Previous By Thread Next

Current thread: