|
|
| Author |
Message |
Owyyn
RealPoor Guru
Joined: 11 Oct 2002
Posts: 2900
|
 Posted: 02/24/04 - 12:20 Post subject: New virus on our network...
|
|
|
Someone at work today got a virus sent to his email, and now it's started to f**k up the fileserver. Problem is, I don't know what it is!
Symptoms are taking up all the infected computers resources. It won't let me look at the task list or run regedit. I deleted most of the icons on his desktop, and seems to have an affinity for messing up .mdb, .doc, and .xls files on the file server.
Anyone know what this is??
|
|
|
Back to top
|
|
|
|
 |
Jakanden
RealPoor Master of Posts
Joined: 11 Nov 2003
Posts: 5334
Location: Fuck if I know - I am always lost
|
|
Posted: 02/24/04 - 12:27 Post subject: Re: New virus on our network...
|
|
|
Us too mate - we are f*****g slammed. Here is the info:
http://vil.nai.com/vil/content/v_101038.htm
| Quote: |
The worm makes copies of itself as .zip archives or .exe in different directories on local and mapped drives. The filenames are random alphabetical names and are 34 Kbytes in size.
The worm searches local and mapped drives to delete files with the following extensions: [bmp, avi, jpg, sav, xls, doc, mdb]
|
|
|
|
Back to top
|
|
|
|
|
Owyyn
RealPoor Guru
Joined: 11 Oct 2002
Posts: 2900
|
|
Posted: 02/24/04 - 12:34 Post subject:
|
|
|
|
Sweet thanks man, that's exactly what it was.
|
|
|
Back to top
|
|
|
|
|
Owyyn
RealPoor Guru
Joined: 11 Oct 2002
Posts: 2900
|
|
Posted: 02/24/04 - 13:34 Post subject:
|
|
|
|
Lolol. I ran that app on all the network drives, specifically the mail server, and found 7 different viruses that thing scans for.
|
|
|
Back to top
|
|
|
|
|
Jakanden
RealPoor Master of Posts
Joined: 11 Nov 2003
Posts: 5334
Location: Fuck if I know - I am always lost
|
|
Posted: 02/24/04 - 13:38 Post subject:
|
|
|
|
Half of our servers are infected and it is generating calls like mad
|
|
|
Back to top
|
|
|
|
|
Owyyn
RealPoor Guru
Joined: 11 Oct 2002
Posts: 2900
|
|
Posted: 02/24/04 - 15:36 Post subject:
|
|
|
|
It sure is a nasty one. The person on the network who got it first happened to be the President of the company. And everyone will open anything from him! Sheesh. The fileservers not a big deal because it was backed up last night, but everything with those extensions that was on local drives is *poof*- gone. I've tried undelete programs, but it looks like it corrupted the files before it deleted them.
|
|
|
Back to top
|
|
|
|
|
Zerapheus
Rookie
Joined: 14 Oct 2002
Posts: 89
|
|
Posted: 02/25/04 - 02:06 Post subject:
|
|
|
|
There's a worm that is pretty identical to this one called <W32.Netsky.B@MM > that's running around too... hit my company's network as well.
|
|
|
Back to top
|
|
|
|
|
|
|
