Thanks to all! My only doubt was the writing of the email, but with your link things got clear.
Tiago Halm > Knock Knock, I'm Sober.C > Yes, I'm a virus/worm. I spread via file sharing on > peer-to-peer networks > and by emailing. > Just have a look at > http://www.sophos.com/virusinfo/analyses/w32soberc.html > and close this thread. > > > ISS > > <<snip>> > > Size: 74142 bytes > > > > Executed strings (ANSI and UNICODE) on it, but could not > find anything > > relevant. > > Because it is compressed -- at runtime a stub routine > decompresses the bulk > of the .EXE file into memory, fixes things up and then starts "normal" > execution of the program... > > > Also ran DUMPBIN /ALL and saw only the following imports: > > > > Section contains the following imports: > > > > KERNEL32.DLL > <<snip>> > > MSVBVM60.DLL > <<snip>> > > Does anyone recognize something with this? > > From the above and earlier clues, it sounds like it should be > Sober.C (or > perhaps a similar, new Sober variant?). Does a reliable, > up-to- date virus > scanner detect it? > > > I someone needs the attachment, I'll send it zipped by email. > > If it is not detected by major virus scanners, send a sample to their > developers. No-one else "needs" it... > > > -- > Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
