There's another bug on here. Looks like this virus sets up a backdoor from the compromised system to an IRC channel.
http://anubis.iseclab.org/?action=result&task_id=19da61a862fdf5bb4c56f207beccef8ff&format=html

This looks like the culprit. At least I know what I'm looking for now!
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm:Win32/Hamweq.E

On Thu, Jul 1, 2010 at 7:58 AM, Craig Freyman <[email protected]> wrote:
> Not a false positive. Someone used a nasty USB drive that had an autorun
> virus on it. The autorun.inf had this in it:
>
> l~-??A?<K??#?Ê??ed?ª?üXÜ??ÁüFl?æ?eëX?r?:M?à???Ñ?çs?Ç?Oü?EF??ëÓ??ÚÞÊN?d=?ú??[Y?????mÈm!Ã???çñvè?y?Êv_????É-/?Is?ù?,[
> [autorun
> ;e???V
> open=trikfx/spomenar.exe
> ;Þm÷?Ç
> icon=%SystemRoot%\system32\SHELL32.dll,4
> ;X]doÝ??a
> action=Open folder to view files using Windows Explorer
> ;?ëë$???µ]
> shell\open\command=trikfx/spomenar.exe
> ;Là?ÿÜ??Üü`ásáµ????Dþ?é'?µ??rm?ò?
> shell\explore\command=trikfx/spomenar.exe
> ;??àg'æë?
> useautoplay=1
>
> VirusTotal for this file:
> http://www.virustotal.com/analisis/e22b8e9b4fbdb876904373e647306a3f0a8d2c5bbb50e708a87464c83c962dba-1277992532
>
> On Wed, Jun 30, 2010 at 4:06 PM, Mike Patterson <[email protected]> wrote:
>> On 10-06-30 12:05 PM, Craig Freyman wrote:
>>> When the AV flags a virus, what steps should you take to handle the
>>> situation?
>>>
>>> I would assume the following would be important to figure out:
>> [...]
>>> - ??
>>
>> First and foremost: is this a false positive?
>>
>> Other than that, Josh Little's response is good.
>>
>> Mike
>> _______________________________________________
>> Pauldotcom mailing list
>> [email protected]
>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>> Main Web Site: http://pauldotcom.com
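Added example, not part of the thread above: a small triage parser for an autorun.inf of the kind Craig quoted. It tolerates the obfuscation visible in that file (binary junk before the header, a `[autorun` header missing its `]`, `;` comment lines stuffed with random bytes) and then flags every launch key that points at an executable on the drive. The sample input is constructed here, modelled on the quoted file; the key names it checks (`open`, `shellexecute`, `shell\open\command`, `shell\explore\command`, `useautoplay`, `action`) are standard autorun.inf entries, and the triage rules are my own, not anything the list members posted.

```python
import re
from typing import Dict, List

# Constructed sample, modelled on the autorun.inf quoted in the thread:
# junk bytes before the header, a header missing its ']', ';' comment
# lines full of garbage, and every launch key pointing at the same file.
SAMPLE_AUTORUN = (
    "l~\xff\xbfA\xbf<K\xbf#\xca\n"
    "[autorun\n"
    ";e\xbf\xbf\xbfV\n"
    "open=trikfx/spomenar.exe\n"
    ";\xdem\xf7\xbf\xc7\n"
    "icon=%SystemRoot%\\system32\\SHELL32.dll,4\n"
    ";X]do\xdd\xbf\xbfa\n"
    "action=Open folder to view files using Windows Explorer\n"
    ";\xbf\xeb\xeb$\xbf\xbf\xbf\xb5]\n"
    "shell\\open\\command=trikfx/spomenar.exe\n"
    ";L\xe0\xbf\xff\xdc\n"
    "shell\\explore\\command=trikfx/spomenar.exe\n"
    ";\xbf\xbf\xe0g'\xe6\xeb\xbf\n"
    "useautoplay=1\n"
)

# "[autorun" with or without the closing bracket, any case.
SECTION_RE = re.compile(r"^\s*\[\s*autorun\s*\]?\s*$", re.IGNORECASE)
# key=value, where the key may contain backslashes (shell\open\command).
KEY_RE = re.compile(r"^\s*([A-Za-z][A-Za-z0-9\\]*)\s*=\s*(.*?)\s*$")

# Keys that make Windows launch something from the removable drive.
LAUNCH_KEYS = ("open", "shellexecute", "shell\\open\\command", "shell\\explore\\command")
EXEC_EXT = (".exe", ".com", ".scr", ".bat", ".cmd", ".vbs", ".pif")


def parse_autorun(text: str) -> Dict[str, str]:
    """Return the key/value pairs of the [autorun] section, ignoring junk.

    Bytes before the header, comment lines and anything after a second
    section header are dropped; keys are lower-cased for comparison.
    """
    entries: Dict[str, str] = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if SECTION_RE.match(line):
            in_section = True
            continue
        if in_section and line.startswith("["):
            break  # a different section started
        if not in_section or not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            entries[m.group(1).lower()] = m.group(2)
    return entries


def triage(entries: Dict[str, str]) -> List[str]:
    """Flag launch keys that run an executable, plus the dressing around them."""
    findings: List[str] = []
    for key in LAUNCH_KEYS:
        value = entries.get(key)
        if value and value.lower().endswith(EXEC_EXT):
            findings.append(f"{key} -> {value}")
    if entries.get("useautoplay") == "1":
        findings.append("useautoplay=1 present")
    if findings and "action" in entries:
        # The action text is what the AutoPlay dialog shows for the entry;
        # mimicking the stock "Open folder" wording hides the handler.
        findings.append(f"action= text disguises the handler: {entries['action']!r}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_autorun(SAMPLE_AUTORUN)):
        print(finding)
```

Run it against a copy of the file from a suspect drive (read the file with `errors="replace"` so the junk bytes do not break decoding); an empty result from `triage()` means no launch key points at an executable, which is the normal case for a driver or installer disc that only sets `icon=` and `label=`.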
