-
June 27th, 2005, 10:08 PM
#11
Hey Hey,
This thing definitely reads a lot of directories and a lot of files... it also does some file creation and that's what I documented.
Extract zip file
single exe - f22-012.exe
Run the EXE
system32\winshost.exe is created
ntuser.dat and ntuser.dat.log in c:\documents and settings\Administrator were changed
HKLM\Software\Microsoft\Windows\CurrentUser\Run\winshost.exe added
system32\config\software.log modified
system32\wiwshost.exe created
At this point explorer crashed and drwatson ran... The logs became so full that I couldn't follow it anymore.
I had my subnet changed (in case it did any scanning/passing by looking at the current subnet range).. but I didn't see any network traffic..
Peace,
HT
-
June 27th, 2005, 10:43 PM
#12
Sorry Mate, I have a "drop-dead" rule on my gateway. All executables are stripped and sent to that big "bit-bucket" in the sky.
Glad to see I'm not the only one with a no tolerance rule.... Works perfectly doesn't it?
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
June 28th, 2005, 01:49 AM
#13
Originally posted here by Tiger Shark
Glad to see I'm not the only one with a no tolerance rule.... Works perfectly doesn't it?
Hey Hey,
I can't understand why all companies don't have this in place... I really don't know why we don't have it.... Is there a company out there without this in place that can explain why you don't have it and your reasoning?
Peace,
HT
-
June 28th, 2005, 02:24 AM
#14
Please.....
Tiger isn't the only evil mean monster out there. I have about 35 file extensions that aren't allowed.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
June 28th, 2005, 03:22 AM
#15
Originally posted here by thehorse13
Please.....
Tiger isn't the only evil mean monster out there. I have about 35 file extensions that aren't allowed.
Hey TH13,
Try and figure this one out.. we block access files (.mdb) but the virus infected exe in a zip file passes easily into our mailboxes.... How's that for a good corporate policy.
Peace
HT
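
The gap described in the post above (an extension block list that stops `.mdb` but lets an executable inside a zip through) comes from checking only the outer attachment name. The following is an added example, not part of the original thread or any poster's gateway configuration: a check that also looks inside zip archives. The block list, the limits and the function names are assumptions made for illustration.

```python
import io
import zipfile

# Assumed block list; the thread does not publish the posters' actual lists.
BLOCKED = {".exe", ".scr", ".pif", ".com", ".cpl", ".bat", ".cmd"}
MAX_DEPTH = 3                  # assumed limit on nested archives
MAX_MEMBER = 20 * 1024 * 1024  # assumed cap on bytes read per member

def ext(path):
    base = path.rsplit("/", 1)[-1].rstrip(". ").lower()
    return base[base.rfind("."):] if "." in base else ""

def scan_attachment(name, data, depth=0):
    """Return (path, reason) findings for one attachment, looking inside zips."""
    findings = []
    if ext(name) in BLOCKED:
        findings.append((name, "blocked extension"))
    elif data[:2] == b"MZ":
        findings.append((name, "MZ header under another extension"))
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return findings
    if depth >= MAX_DEPTH:
        return findings + [(name, "archive nested too deep to inspect")]
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            path = f"{name}/{info.filename}"
            if info.is_dir():
                continue
            if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER:
                # Content cannot be inspected safely; judge by name and flag it.
                why = "blocked extension" if ext(path) in BLOCKED else "uninspectable member"
                findings.append((path, why))
                continue
            findings.extend(scan_attachment(path, zf.read(info), depth + 1))
    return findings

def make_zip(members):
    """Build a constructed in-memory zip from {name: bytes} for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, content in members.items():
            zf.writestr(member, content)
    return buf.getvalue()

if __name__ == "__main__":
    fake_pe = b"MZ" + b"\x00" * 62  # constructed stub, not real malware
    sample = make_zip({"f22-012.exe": fake_pe})
    for path, reason in scan_attachment("attachment.zip", sample):
        print(f"QUARANTINE {path}: {reason}")
```

Encrypted and oversized members are reported rather than read, since a gateway cannot inspect the former and should not fully unpack the latter.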
-
June 28th, 2005, 02:51 PM
#16
Originally posted here by Tiger Shark
Glad to see I'm not the only one with a no tolerance rule.... Works perfectly doesn't it?
It does work perfectly, I have pissed a few people off but hey, that's what they pay me for.
Cheers:
-
June 28th, 2005, 04:06 PM
#17
Ah.. It's the new Bagle variant.. Why didn't I notice this thread before
http://www.antionline.com/showthread...r=1#post846896
Oliver's Law:
Experience is something you don't get until just after you need it.
-
June 28th, 2005, 04:57 PM
#18
I just wanted to thank you all for the early heads up on this. I was able to get a quick update and was prepared when the sucker started showing up in my area. Got 31 of the little buggers caught in quarantine today. Way Cool!
-
July 24th, 2005, 07:22 PM
#19
Junior Member
While scanning HTRegz's attachment on http://virusscan.jotti.org , it found the Bagle worm
-
July 24th, 2005, 10:38 PM
#20
OLD THREAD: Sirdice commented 2 posts and a month before of what the bug was.... Take close attention of the dates and READ THE WHOLE THREAD..
Oh sorry forgot: First post.. Welcome to Antionline.. Please be sure to visit and READ the site FAQ.. and any Threads that may be "Sticky" that relate to posting on these here boards.. many of us are house trained.. some do bite.. so please be careful.. so to be safe please don't feed the animals..
Thank you .. have a pleasant time here.. as we trust that we may enjoy your many future contributions..
Cheers
"Consumer technology now exceeds the average person's ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr