Current F-Prot definitions catch this as a Mitglieder variant, and Trend Micro reports that they are investigating Bagle.AB
The zip files contain a non-password protected executable; I've noticed the following names: Loader.exe t_535475.exe Here is an F-Prot report on one catch: C:\Temp\Virus\Bagle.New>d:\f-prot\scanonly *.* Virus scanning report - 1 November 2005 @ 9:49 F-PROT ANTIVIRUS Program version: 3.16b Engine version: 3.16.6 VIRUS SIGNATURE FILES SIGN.DEF created 1 November 2005 SIGN2.DEF created 1 November 2005 MACRO.DEF created 25 October 2005 Search: *.* Action: Report only Files: "Dumb" scan of all files Switches: /ARCHIVE /PACKED /SERVER /REPORT=d:\f-prot\ScanReport.txt /NOBOOT /NOMEM /AI Memory was not scanned. Hard disk boot sectors were not scanned. C:\Temp\Virus\Bagle.New\D939EE224010AEFE9.SMD->Business_dealing.zip->Loa der.exe is a security risk named W32/Mitglieder.FY Results of virus scanning: Files: 1 MBRs: 0 Boot sectors: 0 Objects scanned: 3 Infected: 0 Suspicious: 1 Disinfected: 0 Deleted: 0 Renamed: 0 Time: 0:00 ErrorLevel returned by fpcmd is: [8] errorlevel 8 = At least one suspicious object was found. --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.Virus". The archives can be found at http://www.mail-archive.com.