MalwareRemoval.com

New Nasty


by Piney » September 21st, 2005, 3:45 am

First detected September 20 so of course I got one via email. Thankfully, Symantec had just done an auto def update. (of course, I wouldn't have tried to open it....it appeared to be from me to me with an attachment)

http://securityresponse.symantec.com/av ... oso.q.html

It targets the security programs:
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec
HKEY_LOCAL_MACHINE\SOFTWARE\McAfee
HKEY_LOCAL_MACHINE\SOFTWARE\KasperskyLab
HKEY_LOCAL_MACHINE\SOFTWARE\Agnitum
HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software
HKEY_LOCAL_MACHINE\SOFTWARE\Zone Labs


So far, Symantec only recommends scanning with updated defs

Ugly little piece of nastiness
Piney

by 'KotaGuy » September 21st, 2005, 12:08 pm

Thanks Piney!

Wife got one of those last night as well... checked the source on it because it did look like she had sent it to herself... her email ends with @shaw.ca... this one came from @principal.com. The email account name was spelled differently too... my wife's is all lower case... this one had an upper case letter in it as well.

Payload in this case was named 06.exe... Norton took care of it.

Just checked the wife's machine again... was going to look a bit further into the source/return path as my brain was foggy last night (flu)... seems she has deleted it.

Will watch for others.
'KotaGuy

by Piney » September 21st, 2005, 5:37 pm

Mine was @moxieinteractive.com and the 06 variety.

psssssssttttt I didn't remember all the above, I looked in the NIS log :oops:
Piney