Warning: New virus W32/[email protected] , found in wild but not in many AV defs yet

Discussion in 'Computer Support' started by enemy, Apr 4, 2004.

  1. enemy

    enemy Guest

    I got this in email last night. I knew enough not to open the
    attachment but neither Norton nor F-Prot could identify it as a virus.

    I examined it (e.g. for strings) and found:

    a) Subject: Hi, it's me

    b) Origin: home.nl

    c) Attachment: Textdocument.pif, 42496 bytes, UPX packed PE executable
    but not unpackable with UPX

    d) Interesting strings found:
    names of Visual Basic 6 runtime DLLs
    wsock32.dll
    "All AV: Die NTP, Update,... Funktionen, waren bereits ab Version.A
    vorhanden
    Im diesen Sinne:Odin alias Anon"

    Pmessage-text.txt"

    The Norton definitions won't catch up to it for a few hours yet until
    late GMT Sunday (intelligent updater download - live update may be a
    few days longer) and the f-prot definitions just caught up to it three
    hours ago at 1102 GMT Sunday.

    http://www.sarc.com/avcenter/venc/data/
     
    enemy, Apr 4, 2004
    #1

  2. enemy

    °Mike° Guest

    This is *already* detected by Kaspersky. KAV labs
    have given it the alias "I-Worm VB.c".

    Subject: damn!
    Body:
    hi its me

    i've found a shity virus on my pc. check your pc, too!
    follow the steps in this article.

    bye

    Attachment: anitv_text.pif
    Size: 42,496 bytes.
     
    °Mike°, Apr 4, 2004
    #2

  3. enemy

    name Guest


    Hello... I also get many emails each day containing a virus attachment
    of about 50 kb.

    The virus is reported by Yahoo to be:
    =============================================================
    Scan result: Virus "[email protected]" found.
    You can not download this attachment. You have two options:
    1. Sign up for Yahoo! Mail Plus to get automatic cleaning of infected
    attachments. Learn more.
    (Note: Not all viruses can be cleaned.)
    2. Contact the message sender and request that they resend the
    attachment to you after cleaning it with anti-virus software.
    ==============================================================

    Here is an example of one of these emails, including headers:

    This message is not flagged. [ Flag Message - Mark as Unread ]

    X-Apparently-To: via 216.109.116.225; Sat, 17 Apr
    2004 14:42:55 -0700
    X-YahooFilteredBulk: 81.205.243.3
    Return-Path: <>
    Received: from 81.205.243.3 (EHLO cijfersprokkel.com) (81.205.243.3)
    by mta103.mail.scd.yahoo.com with SMTP; Sat, 17 Apr 2004 14:42:48
    -0700
    From: Add to Address Book
    Date: Sat, 17 Apr 2004 23:44:35
    Subject: damn!
    Importance: Normal
    X-Priority: 3 (Normal)
    Message-ID: <>
    MIME-Version: 1.0
    Content-Type: multipart/mixed;
    boundary="====cdebbaffafcbfaffedbefabbcf"
    This is a multi-part message in MIME format.
    Content-Length: 43800




    hi its me

    i've found a shity virus on my pc. check your pc, too!
    follow the steps in this article.

    bye



    *** Mail Scanner: No Virus found
    *** YAHOO Anti Virus
    *** http://www.yahoo.com




    Attachment




    your_article.pif
    ..pif file
     
    name, Apr 17, 2004
    #3
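
The manual check described in the first post (a `.pif` attachment that turns out to be a UPX-packed PE executable) can be run on incoming mail without waiting for AV definitions. The following is an added example, not part of the original thread; the function names, the extension list and the fake header built by `build_sample` are assumptions constructed for illustration.

```python
import email
import struct
from email.message import EmailMessage

RISKY_EXT = (".pif", ".scr", ".exe", ".com", ".bat", ".cmd")

def pe_section_names(data):
    """Return the PE section names, or None if data is not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)   # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 24:
        return None
    (count,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                      # first section header
    return [data[table + 40 * i:table + 40 * i + 8].rstrip(b"\0").decode("latin-1")
            for i in range(count)]

def triage(raw_message):
    """Return [(filename, reasons)] for attachments worth quarantining."""
    findings = []
    for part in email.message_from_bytes(raw_message).walk():
        name = part.get_filename()
        if not name:
            continue
        reasons = []
        if name.lower().endswith(RISKY_EXT):
            reasons.append("executable extension")
        sections = pe_section_names(part.get_payload(decode=True) or b"")
        if sections is not None:
            reasons.append("PE image")
            if any(s.startswith("UPX") for s in sections):
                reasons.append("UPX section names")
        if reasons:
            findings.append((name, reasons))
    return findings

def build_sample():
    """Constructed message with a fake 168-byte PE header, not a real sample."""
    pe = bytearray(b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40))
    pe += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    for sec in (b"UPX0", b"UPX1"):
        pe += sec.ljust(8, b"\0") + bytes(32)
    msg = EmailMessage()
    msg.set_content("see attachment")
    msg.add_attachment(bytes(pe), maintype="application",
                       subtype="octet-stream", filename="Textdocument.pif")
    return msg.as_bytes()
```

Section names are only a hint, since a packer can rename them; the extension and PE-magic checks are what justify quarantining the attachment.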