Hi Everyone -
 
Have had an interesting morning with the Downloader Small trojan...
 
AVG found and healed two instances of it yesterday, but this morning I received another message that it was back, this time in a file in Windows/_Restore/Temp. AVG reported it was unable to heal it, and my attempts to manually delete the file were met with a message that the file was in use.
 
I opened it with Notepad, and interestingly could read some of the code for what it does. Here it is in part:
 
"GET /  HTTP/1.1
Host: 
User-Agent: r

WININET InternetOpen InternetCloseHandle InternetReadFile InternetOpenUrl WS2_32 WSAStartup socket connect send recv closesocket inet_addr KERNEL32 LoadLibrary GetProcAddress VirtualLock GetCommandLine GetTempPath GetWindowsDirectory VirtualAlloc DeleteFile CreateMutex GetLastError ExitProcess WriteFile CreateProcess WaitForSingleObject Sleep CreateFile ReadFile CloseHandle GetLocaleInfo"
 
Part of what was interesting is the way it deletes the file (itself) -- I found an infected item named 1.exe in the Recycle Bin -- and the way it is set to "sleep" for a while.
 
Wondering if that phrase "CreateMutex" has anything to do with how it mutates?
 
Anyway, I was able to clear away the infection only after disabling the System Restore. After that, I turned the System Restore back on.
 
Really pesky virus.
 
May no one else here have this particular adventure.
 
And may everyone enjoy their Sunday. :)
 
love and peace,
joyce 
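
Added example, not part of the original message: a small Python triage script that does what reading the file in Notepad did by hand, pulling printable strings out of a binary and grouping the Windows API names it finds by likely behaviour. The capability grouping is this example's own heuristic, and SAMPLE is constructed bytes modelled on the strings quoted above, not the real file.

```python
import re

# API name -> behaviour grouping. This grouping is the example's own triage
# heuristic (an assumption), not an AV vendor's classification.
CAPABILITIES = {
    "http download (WinINet)": {"InternetOpen", "InternetOpenUrl",
                                "InternetReadFile", "InternetCloseHandle"},
    "raw sockets (Winsock)": {"WSAStartup", "socket", "connect", "send",
                              "recv", "closesocket", "inet_addr"},
    "write and run a file": {"GetTempPath", "CreateFile", "WriteFile",
                             "CreateProcess", "WaitForSingleObject"},
    # A named mutex is the usual way a program checks that only one copy runs.
    "single-instance check": {"CreateMutex", "GetLastError"},
    "delay and cleanup": {"Sleep", "DeleteFile", "ExitProcess"},
    "runtime API lookup": {"LoadLibrary", "GetProcAddress"},
}

def printable_strings(data, min_len=4):
    """Yield runs of printable ASCII, as the Unix `strings` tool does."""
    for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data):
        yield m.group().decode("ascii")

def triage(data):
    """Return {capability: sorted API names found in data}."""
    tokens = set()
    for s in printable_strings(data):
        for tok in re.findall(r"[A-Za-z_][A-Za-z0-9_]*", s):
            tokens.add(tok)
            if tok[-1] in "AW":          # ANSI/Unicode variants: CreateMutexA
                tokens.add(tok[:-1])
    return {cap: sorted(apis & tokens)
            for cap, apis in CAPABILITIES.items() if apis & tokens}

# Constructed sample bytes (not the real file): NUL-separated names plus junk.
SAMPLE = (b"MZ\x90\x00\x03GET / HTTP/1.1\r\nHost: \r\nUser-Agent: r\r\n\x00"
          b"WININET\x00InternetOpenA\x00\x12\x01InternetReadFile\x00"
          b"InternetOpenUrlA\x00WS2_32\x00WSAStartup\x00socket\x00connect\x00"
          b"recv\x00KERNEL32\x00GetTempPathA\x00CreateMutexA\x00"
          b"GetLastError\x00WriteFile\x00CreateProcessA\x00Sleep\x00"
          b"DeleteFileA\x00")

if __name__ == "__main__":
    for cap, apis in triage(SAMPLE).items():
        print(f"{cap:26} {', '.join(apis)}")
```

To check a quarantined copy, pass the result of open(path, "rb").read() to triage(). Short names such as send or connect are also ordinary words, so treat hits as hints rather than proof.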
 
 
 
 
 

