|
-
March 20th, 2002, 05:34 PM
#1
 March 19 Alerts
W32.Atram@mm
Discovered on: March 19, 2002
Last Updated on: March 19, 2002 at 06:33:07 PM PST
W32.Atram@mm is a mass mailing worm that uses its own SMTP engine. Upon execution the worm will copy itself to "C:\WINDOWS\dllmgr.exe". It will also display 7 Message Boxes in Italian.
Also Known As: W32.Atram@mm, I-Worm.Borzella, Win32/Borzella.Worm, WORM_PORKIS.A, Win32.Storielle
http://sarc.com/avcenter/venc/data/w32.atram@mm.html
W32/Gemi Low
Virus Information
Discovery Date: 03/18/2002
Origin: Italy
Length: Varies on target file, average size increase 6300
Type: Virus
SubType: File Infector
Virus Characteristics
The W32/Gemi virus is a direct infection virus. After running a single infected file, the virus will search all suitable files to infect on the local machine. Target files are 32 bit PE (Portable Executable) files, such as .EXE .DLL .SCR. The virus adds its code to the target files, usually at the end of the file. A string "gemini" is visible in these files.
The virus drops a file called "GEMINI.EXE" in the "\windows" directory. For example \windows\gemini.exe on win9x based systems, and \winnt\gemini.exe for Win2000 based systems.
During testing, the filesize of the dropped gemini.exe was 2788 bytes, but the actual filesize may be dependent on disk layout.
The viral process is visible in the task manager as "gemini".
http://vil.nai.com/vil/content/v_99405.htm
I used to be With IT. But then they changed what IT was. Now what I'm with isn't IT, and what's IT seems scary and weird." - Abe Simpson
-
March 20th, 2002, 07:53 PM
#2
Senior Member
Thanks for the info zigar! Its always nice to come here and see up to date alerts from you. Especially the on the MS forum.
Thanks!
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote