The version I received had a file within the zip labeled aurorapr.com. Opening up within a hex editor to see what it may tell me. Thank God I check these types of messages within Linux. :)
Anyway, looking at it doesn't look promising. It calls KERNEL32.DLL.ADVAPI32. If you want to see the hex_dump, contact me off-list and I'll forward it onto you. I've also submitted the file to F-Prot, so hopefully they'll get updated virus defs out quickly.. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Goran Jovanovic Sent: Monday, July 26, 2004 11:04 AM To: [EMAIL PROTECTED] Subject: RE: [Declude.Virus] New Virus? Hi Jeff, I just got one of these as well with our domain.com.zip and inside it was a domain.com.htm.(a lot of spaces).com My winzip would not extract it to the desktop. Neither F-Prot nor McAfee on the e-mail server found it and my desktop Symantec v9 did not find it either. Bad news............ Goran Jovanovic The LAN Shoppe > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:Declude.Virus- > [EMAIL PROTECTED] On Behalf Of Jeff Maze > Sent: Monday, July 26, 2004 10:51 AM > To: [EMAIL PROTECTED] > Subject: [Declude.Virus] New Virus? > > Anyone hear of this one. It just popped in on an old e-mail account I > reactivated for SPAM testing/control/rule building. > > There was an attachment named "%domain%.com.zip" (e.g. declude.com.zip). > Is > it a new variant? > > > --- > [This E-mail was scanned for viruses by Declude Virus > (http://www.declude.com)] > > --- > This E-mail came from the Declude.Virus mailing list. To unsubscribe, > just send an E-mail to [EMAIL PROTECTED], and > type "unsubscribe Declude.Virus". The archives can be found > at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.
