First, sorry for the double post, but I forgot to 'obscure' the trojan
filename and it might get filtered on some mail servers. Also, according to
the customer (and NOT myself), AtGuard, Lockdown 2000 (obviously, for those
who know about these guys), Jammer, and Computer Associates A/V software
failed to find this virus with their latest updates. I suggested Norton
Personal Firewall, Norton A/V, and/or Zone Alarm. They purchased Norton
Personal Firewall and it detected the virus trying to make an outbound
connection (via Windows Scripting Host? <- can't remember). I hate to
spread hearsay, but just in case you have one of these products that failed
to find it, you might want to try something else. We've also seen a virus
by the name of A24 dot vbs floating around too. According to McAfee (the
last time I checked), no such virus exists, but Norton does know about it.
I can provide source for either if anyone is interested.
<original post with editing>
Search for network dot vbs on the system. We've had a lot of problems with
this little bugger on customer systems. All it does is attempt to replicate
via open shares. It picks a random 24.0.0.0/24 subnet and scans all the
hosts on that subnet. The version we've found doesn't do anything but
spread (no payload). There are numerous variations so you might just want
to search for all vbs files. Some virus scanners don't seem to pick up some
of the variants.
HTH,
Mike
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of John Huggins
> > Sent: Monday, September 18, 2000 1:38 PM
> > To: [EMAIL PROTECTED]
> > Subject: Windows 98 trying to learn about Windows Networks outside of
> > our little world.
> >
> >
> >
> > One of our Windows 98 machines ground to a slow pace today. Then
> > we get an
> > email from our Internet provider essentially copying a message
> > they received
> > from some outside person complaining that this little 98 machine was
> > exploring a whole range of IP addresses on the usual Windows
> > network ports.
> >
> > Any body heard of this kinf of virus? If not, can you provide
> some other
> > resource links to others in the know?
> >
> > I know, I know. We should have been packet filtering our local
> > network from
> > the Internet, BUT those on high demanded full access to the
> Internet; For
> > all I know they belong to the Flat Earth Society. Thus, I let them have
> > their way, while us few non-flat-earthers protect our
> individual machines
> > with things like Zone Alarm.
> >
> > J
> >
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]
> >
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
