Results 1 to 2 of 2

Thread: March 19 Alerts

  1. #1
    Senior Member
    Join Date
    Jan 2002

    Exclamation March 19 Alerts

    Discovered on: March 19, 2002
    Last Updated on: March 19, 2002 at 06:33:07 PM PST

    W32.Atram@mm is a mass mailing worm that uses its own SMTP engine. Upon execution the worm will copy itself to "C:\WINDOWS\dllmgr.exe". It will also display 7 Message Boxes in Italian.

    Also Known As: W32.Atram@mm, I-Worm.Borzella, Win32/Borzella.Worm, WORM_PORKIS.A, Win32.Storielle


    W32/Gemi Low

    Virus Information
    Discovery Date: 03/18/2002
    Origin: Italy
    Length: Varies on target file, average size increase 6300
    Type: Virus
    SubType: File Infector

    Virus Characteristics
    The W32/Gemi virus is a direct infection virus. After running a single infected file, the virus will search all suitable files to infect on the local machine. Target files are 32 bit PE (Portable Executable) files, such as .EXE .DLL .SCR. The virus adds its code to the target files, usually at the end of the file. A string "gemini" is visible in these files.
    The virus drops a file called "GEMINI.EXE" in the "\windows" directory. For example \windows\gemini.exe on win9x based systems, and \winnt\gemini.exe for Win2000 based systems.
    During testing, the filesize of the dropped gemini.exe was 2788 bytes, but the actual filesize may be dependent on disk layout.

    The viral process is visible in the task manager as "gemini".

    I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson

  2. #2
    Senior Member
    Join Date
    Feb 2002
    Thanks for the info zigar! Its always nice to come here and see up to date alerts from you. Especially the on the MS forum.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts