Virus Tuesday, New Bagel, New Mytob...

Post by 'KotaGuy » May 31st, 2005, 12:14 pm

Bagel

"We've received a few reports that readers are receiving what appears to be a new version of the Bagel virus in email this morning. The attachments (so far) appear to be named as a single digit number zip file (eg: "5.zip" or "7.zip") or as a string (eg: "Be_not_jealous.zip") with a payload of "16_05_2005.exe" or "19_04_2005.exe". The .zip file is approximately 18k and is 36352 bytes when extracted. Upon execution, this file will be copied to C:\WINDOWS\System32\winshost.exe and will then fetch another 11k file and place it in C:\WINDOWS\System32\wiwshost.exe. The registry key HKLM/Software/Microsoft/Windows/Current Version/Run is then updated to execute this winshost.exe file at boot."

Mytob

"We're also getting reports of a new Mytob virus. It appears that this one may be exploiting the MS05-016 vulnerability"

Internet Storm Center
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada
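
As an added example (not part of the thread or of the Internet Storm Center report), the attachment indicators quoted above can be turned into a mail-gateway triage check. The verdict thresholds and function names are assumptions of this sketch, and the sample zips are constructed, inert files.

```python
import io
import re
import zipfile

# Indicators quoted in this thread (ISC report plus the reply giving a hyphenated name).
DIGIT_ZIP = re.compile(r"^\d\.zip$", re.I)                      # "5.zip", "7.zip", "8.zip"
PAYLOAD = re.compile(r"^\d{2}[_-]\d{2}[_-]\d{4}\.exe$", re.I)   # "16_05_2005.exe", "16-05-2005.exe"
PAYLOAD_SIZE = 36352                                            # extracted size in bytes


def indicators(filename, data):
    """List which indicators an attachment matches, reading only the
    zip central directory (nothing is extracted or executed)."""
    hits = []
    if DIGIT_ZIP.match(filename):
        hits.append("digit-zip-name")
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            members = zf.infolist()
    except zipfile.BadZipFile:
        return hits + ["unreadable-zip"]
    for m in members:
        base = m.filename.replace("\\", "/").rsplit("/", 1)[-1]
        if PAYLOAD.match(base):
            hits.append("payload-name")
        if base.lower().endswith(".exe") and m.file_size == PAYLOAD_SIZE:
            hits.append("payload-size")
    return hits


def verdict(filename, data):
    """Assumed policy: block on payload name plus one corroborating hit; review on any hit."""
    hits = indicators(filename, data)
    if "payload-name" in hits and len(set(hits)) >= 2:
        return "block"
    return "review" if hits else "pass"


def make_zip(member, size):
    """Constructed, inert sample: a zip holding `size` zero bytes named `member`."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(member, b"\x00" * size)
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in [("5.zip", make_zip("16_05_2005.exe", PAYLOAD_SIZE)),
                       ("Be_not_jealous.zip", make_zip("19_04_2005.exe", 1024)),
                       ("report.zip", make_zip("notes.txt", 100))]:
        print(name, verdict(name, blob), indicators(name, blob))
```

The free-text attachment names ("Be_not_jealous.zip") are not matched by name, since the report gives only one example of them; such mail is caught through the payload name inside the archive.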

Post by 'KotaGuy » May 31st, 2005, 12:14 pm

Bump

Post by ChrisRLG » May 31st, 2005, 12:16 pm

Just received a copy at work :)

Anyone wish to play with it?

AVG7 does not know about it yet - :( or at least did not stop me looking at the file.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

Post by ChrisRLG » May 31st, 2005, 12:18 pm

Correction: email was 8.zip and file was 16-05-2005.exe

So might be same - or next version.

More Bagle trouble...

Post by 'KotaGuy » May 31st, 2005, 6:20 pm

"During the past hours, we've intercepted a flurry of new Bagle variants; apparently, it's been a busy day for the author, who keeps sending them out."

Viruslist Weblog
