We have also seen a high rate of zip files today. Our NAV Gateway sees them as [EMAIL PROTECTED]
Kevin Bilbee

> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Colbeck, Andrew
> Sent: Tuesday, November 01, 2005 10:01 AM
> To: Declude.Virus@declude.com
> Subject: RE: [Declude.Virus] Blast of zips coming in
>
>
> Current F-Prot definitions catch this as a Mitglieder variant, and Trend
> Micro reports that they are investigating Bagle.AB
>
> The zip files contain a non-password protected executable; I've noticed
> the following names:
>
> Loader.exe
> t_535475.exe
>
> Here is an F-Prot report on one catch:
>
> C:\Temp\Virus\Bagle.New>d:\f-prot\scanonly *.*
> Virus scanning report - 1 November 2005 @ 9:49
>
> F-PROT ANTIVIRUS
> Program version: 3.16b
> Engine version: 3.16.6
>
> VIRUS SIGNATURE FILES
> SIGN.DEF created 1 November 2005
> SIGN2.DEF created 1 November 2005
> MACRO.DEF created 25 October 2005
>
> Search: *.*
> Action: Report only
> Files: "Dumb" scan of all files
> Switches: /ARCHIVE /PACKED /SERVER /REPORT=d:\f-prot\ScanReport.txt
> /NOBOOT /NOMEM /AI
> Memory was not scanned.
> Hard disk boot sectors were not scanned.
>
> C:\Temp\Virus\Bagle.New\D939EE224010AEFE9.SMD->Business_dealing.zip->Loader.exe is a security risk named W32/Mitglieder.FY
>
> Results of virus scanning:
>
> Files: 1
> MBRs: 0
> Boot sectors: 0
> Objects scanned: 3
> Infected: 0
> Suspicious: 1
> Disinfected: 0
> Deleted: 0
> Renamed: 0
>
> Time: 0:00
>
> ErrorLevel returned by fpcmd is: [8]
> errorlevel 8 = At least one suspicious object was found.
>
>
> ---
> This E-mail came from the Declude.Virus mailing list. To
> unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
> type "unsubscribe Declude.Virus". The archives can be found
> at http://www.mail-archive.com.
> ---
> [This E-mail scanned for viruses by Declude Virus]

---
[This E-mail scanned for viruses by Declude Virus]

---
This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
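
An added example, not part of the original thread: a gateway-side check for the pattern reported above, a zip attachment holding an executable member that is not password protected. The extension list, function names and sample archives are assumptions constructed for illustration.

```python
import io
import os
import zipfile

# Extensions treated as directly executable on Windows (assumed policy list).
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".cpl"}


def executable_members(zip_bytes):
    """Return (name, encrypted) for each executable-looking member of a zip."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            ext = os.path.splitext(info.filename)[1].lower()
            if ext in EXECUTABLE_EXTS:
                # Bit 0 of the general-purpose flags marks an encrypted member.
                hits.append((info.filename, bool(info.flag_bits & 0x1)))
    return hits


def verdict(zip_bytes):
    """Return ('hold' | 'pass' | 'unreadable', hits) for one attachment."""
    try:
        hits = executable_members(zip_bytes)
    except zipfile.BadZipFile:
        # A malformed archive cannot be inspected, so it is not silently passed.
        return "unreadable", []
    return ("hold" if hits else "pass"), hits


def build_sample(members):
    """Build a constructed in-memory zip from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: placeholder bytes under a member name seen in the thread.
SAMPLE_BAD = build_sample({"Loader.exe": b"placeholder, not a real binary"})
SAMPLE_OK = build_sample({"notes.txt": b"hello"})

if __name__ == "__main__":
    for label, blob in (("Business_dealing.zip", SAMPLE_BAD), ("ok.zip", SAMPLE_OK)):
        print(label, verdict(blob))
```

The check reads only the zip central directory, so it does not depend on antivirus definitions being current for a new variant.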