D
Dr Halonfires LesGirl
Blaster-E has made its appearance; basically a copy of Blaster-A which
creates a different key.
creates a different key.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
?
=?iso-8859-1?Q?Pourquoi_tant_d'=E9toiles_pour_si_p
In
Good idea to post.
However is it so difficult to cut and paste the link for the readers ?
Here it is : http://www.sophos.com/virusinfo/analyses/w32blastere.html
Dr Halonfires LesGirl said:Blaster-E has made its appearance; basically a copy of Blaster-A which
creates a different key.
Good idea to post.
However is it so difficult to cut and paste the link for the readers ?
Here it is : http://www.sophos.com/virusinfo/analyses/w32blastere.html
D
Dr Halonfires LesGirl
Pourquoi tant d'étoiles pour si peu de trèfles à quatre feuilles ?
wrote:
You can get to that and more thru my site. New one today = Nugosh-A. :-
W32/Nugosh-A is a mass mailing worm that spreads to email addresses found in
files on the local hard drive. The message sent has the following
characteristics:
Subject line: Use this patch immediately !
Attached File: patch.exe
From: "Microsoft" <[email protected]>
Message text: Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!
W32/Nugosh-A copies itself as dllreg.exe to the Windows folder, as
load32.exe and vxdmgr.exe to the Windows system folder, and as rundllw.exe
to the StartUp folder.
The worm creates the following registry key to run itself on system start:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\load32
The worm also changes the run parameter in the [Windows] section of win.ini
and the shell parameter in the [Boot] section of system.ini.
W32/Nugosh-A drops a keylogging component as guid32.dll, an IRC-based
distributed denial-of-service Trojan as windrive.exe and a hacked utility to
export Outlook Express and Internet Explorer passwords as winimg.exe, all to
the Windows system folder. These are all detected as W32/Nugosh-A.
The worm will kill off the following processes if they are running:
AGENTSVR.EXE
ANTS.EXE
APLICA32.EXE
APVXDWIN.EXE
ATCON.EXE
ATUPDATER.EXE
ATWATCH.EXE
AVSYNMGR.EXE
BLACKD.EXE
BLACKICE.EXE
CFIADMIN.EXE
CFIAUDIT.EXE
CFINET.EXE
CFINET32.EXE
DEFWATCH.EXE
DRWATSON.EXE
FAST.EXE
FRW.EXE
GUARD.EXE
IAMAPP.EXE
IAMSERV.EXE
ICLOAD95.EXE
ICLOADNT.EXE
ICMON.EXE
ICSUPP95.EXE
ICSUPPNT.EXE
LOCKDOWN.EXE
LOCKDOWN2000.EXE
LUALL.EXE
LUCOMSERVER.EXE
MCAGENT.EXE
MCUPDATE.EXE
MGUI.EXE
MINILOG.EXE
MOOLIVE.EXE
MSCONFIG.EXE
MSSMMC32.EXE
NDD32.EXE
NETSTAT.EXE
NISSERV.EXE
NISUM.EXE
NMAIN.EXE
NPROTECT.EXE
NSCHED32.EXE
NVARCH16.EXE
PAVPROXY.EXE
PCCIOMON.EXE
PCFWALLICON.EXE
PERSFW.EXE
POPROXY.EXE
PVIEW95.EXE
REGEDIT.EXE
RTVSCN95.EXE
SAFEWEB.EXE
SPHINX.EXE
SPYXX.EXE
SS3EDIT.EXE
SYSEDIT.EXE
TAUMON.EXE
TC.EXE
TCA.EXE
TCM.EXE
TDS2-98.EXE
TDS2-NT.EXE
TDS-3.EXE
UPDATE.EXE
VPC42.EXE
VPTRAY.EXE
VSECOMR.EXE
VSHWIN32.EXE
VSMAIN.EXE
VSMON.EXE
VSSTAT.EXE
WATCHDOG.EXE
WEBSCANX.EXE
WGFE95.EXE
WRADMIN.EXE
WRCTRL.EXE
WRCTRL.EXE
ZAPRO.EXE
ZATUTOR.EXE
ZAUINST.EXE
ZONEALARM.EXE
wrote:
You can get to that and more thru my site. New one today = Nugosh-A. :-
W32/Nugosh-A is a mass mailing worm that spreads to email addresses found in
files on the local hard drive. The message sent has the following
characteristics:
Subject line: Use this patch immediately !
Attached File: patch.exe
From: "Microsoft" <[email protected]>
Message text: Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!
W32/Nugosh-A copies itself as dllreg.exe to the Windows folder, as
load32.exe and vxdmgr.exe to the Windows system folder, and as rundllw.exe
to the StartUp folder.
The worm creates the following registry key to run itself on system start:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\load32
The worm also changes the run parameter in the [Windows] section of win.ini
and the shell parameter in the [Boot] section of system.ini.
W32/Nugosh-A drops a keylogging component as guid32.dll, an IRC-based
distributed denial-of-service Trojan as windrive.exe and a hacked utility to
export Outlook Express and Internet Explorer passwords as winimg.exe, all to
the Windows system folder. These are all detected as W32/Nugosh-A.
The worm will kill off the following processes if they are running:
AGENTSVR.EXE
ANTS.EXE
APLICA32.EXE
APVXDWIN.EXE
ATCON.EXE
ATUPDATER.EXE
ATWATCH.EXE
AVSYNMGR.EXE
BLACKD.EXE
BLACKICE.EXE
CFIADMIN.EXE
CFIAUDIT.EXE
CFINET.EXE
CFINET32.EXE
DEFWATCH.EXE
DRWATSON.EXE
FAST.EXE
FRW.EXE
GUARD.EXE
IAMAPP.EXE
IAMSERV.EXE
ICLOAD95.EXE
ICLOADNT.EXE
ICMON.EXE
ICSUPP95.EXE
ICSUPPNT.EXE
LOCKDOWN.EXE
LOCKDOWN2000.EXE
LUALL.EXE
LUCOMSERVER.EXE
MCAGENT.EXE
MCUPDATE.EXE
MGUI.EXE
MINILOG.EXE
MOOLIVE.EXE
MSCONFIG.EXE
MSSMMC32.EXE
NDD32.EXE
NETSTAT.EXE
NISSERV.EXE
NISUM.EXE
NMAIN.EXE
NPROTECT.EXE
NSCHED32.EXE
NVARCH16.EXE
PAVPROXY.EXE
PCCIOMON.EXE
PCFWALLICON.EXE
PERSFW.EXE
POPROXY.EXE
PVIEW95.EXE
REGEDIT.EXE
RTVSCN95.EXE
SAFEWEB.EXE
SPHINX.EXE
SPYXX.EXE
SS3EDIT.EXE
SYSEDIT.EXE
TAUMON.EXE
TC.EXE
TCA.EXE
TCM.EXE
TDS2-98.EXE
TDS2-NT.EXE
TDS-3.EXE
UPDATE.EXE
VPC42.EXE
VPTRAY.EXE
VSECOMR.EXE
VSHWIN32.EXE
VSMAIN.EXE
VSMON.EXE
VSSTAT.EXE
WATCHDOG.EXE
WEBSCANX.EXE
WGFE95.EXE
WRADMIN.EXE
WRCTRL.EXE
WRCTRL.EXE
ZAPRO.EXE
ZATUTOR.EXE
ZAUINST.EXE
ZONEALARM.EXE
D
Dr Halonfires LesGirl
Dr said:Pourquoi tant d'étoiles pour si peu de trèfles à quatre feuilles ?
wrote:In Dr Halonfires LesGirl <[email protected]> typed:
Blaster-E has made its appearance; basically a copy of Blaster-A
which creates a different key.
--
NEW SECTION:-
Virus Alerts LIVE from Sophos !
Good idea to post.
However is it so difficult to cut and paste the link for the
readers ?
Here it is :
http://www.sophos.com/virusinfo/analyses/w32blastere.html
--
Jean-Luc Cavey
Paris, France
E-Mail : (e-mail address removed)
You can get to that and more thru my site. New one today = Nugosh-A.
:- W32/Nugosh-A is a mass mailing worm that spreads to email
addresses found in files on the local hard drive. The message sent
has the following characteristics:
Subject line: Use this patch immediately !
Attached File: patch.exe
From: "Microsoft" <[email protected]>
Message text: Dear friend , use this Internet Explorer patch now!
There are dangerous virus in the Internet now!
More than 500.000 already infected!
W32/Nugosh-A copies itself as dllreg.exe to the Windows folder, as
load32.exe and vxdmgr.exe to the Windows system folder, and as
rundllw.exe to the StartUp folder.
The worm creates the following registry key to run itself on system
start:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\load32
The worm also changes the run parameter in the [Windows] section of
win.ini and the shell parameter in the [Boot] section of system.ini.
W32/Nugosh-A drops a keylogging component as guid32.dll, an IRC-based
distributed denial-of-service Trojan as windrive.exe and a hacked
utility to export Outlook Express and Internet Explorer passwords as
winimg.exe, all to the Windows system folder. These are all detected
as W32/Nugosh-A.
The worm will kill off the following processes if they are running:
AGENTSVR.EXE
ANTS.EXE
APLICA32.EXE
APVXDWIN.EXE
ATCON.EXE
ATUPDATER.EXE
ATWATCH.EXE
AVSYNMGR.EXE
BLACKD.EXE
BLACKICE.EXE
CFIADMIN.EXE
CFIAUDIT.EXE
CFINET.EXE
CFINET32.EXE
DEFWATCH.EXE
DRWATSON.EXE
FAST.EXE
FRW.EXE
GUARD.EXE
IAMAPP.EXE
IAMSERV.EXE
ICLOAD95.EXE
ICLOADNT.EXE
ICMON.EXE
ICSUPP95.EXE
ICSUPPNT.EXE
LOCKDOWN.EXE
LOCKDOWN2000.EXE
LUALL.EXE
LUCOMSERVER.EXE
MCAGENT.EXE
MCUPDATE.EXE
MGUI.EXE
MINILOG.EXE
MOOLIVE.EXE
MSCONFIG.EXE
MSSMMC32.EXE
NDD32.EXE
NETSTAT.EXE
NISSERV.EXE
NISUM.EXE
NMAIN.EXE
NPROTECT.EXE
NSCHED32.EXE
NVARCH16.EXE
PAVPROXY.EXE
PCCIOMON.EXE
PCFWALLICON.EXE
PERSFW.EXE
POPROXY.EXE
PVIEW95.EXE
REGEDIT.EXE
RTVSCN95.EXE
SAFEWEB.EXE
SPHINX.EXE
SPYXX.EXE
SS3EDIT.EXE
SYSEDIT.EXE
TAUMON.EXE
TC.EXE
TCA.EXE
TCM.EXE
TDS2-98.EXE
TDS2-NT.EXE
TDS-3.EXE
UPDATE.EXE
VPC42.EXE
VPTRAY.EXE
VSECOMR.EXE
VSHWIN32.EXE
VSMAIN.EXE
VSMON.EXE
VSSTAT.EXE
WATCHDOG.EXE
WEBSCANX.EXE
WGFE95.EXE
WRADMIN.EXE
WRCTRL.EXE
WRCTRL.EXE
ZAPRO.EXE
ZATUTOR.EXE
ZAUINST.EXE
ZONEALARM.EXE
--
NEW SECTION:-
Virus Alerts LIVE from Sophos !
Also : Bush is Out of His Tree !!!
at http://tinyurl.com/fks4
Not forgetting Raleka-B
More information about W32/Raleka-B can be found at
http://www.sophos.com/virusinfo/analyses/w32ralekab.html
Yet more virus and other information can be found at my site.
G
Gabriele Neukam
On that special day, Dr Halonfires LesGirl, ([email protected]) said...
New, you say?
I've been getting these Dumaru infested mails (that's the name other AV
vendors have given to it) since last monday.
Gabriele Neukam
(e-mail address removed)
New one today = Nugosh-A. :-
New, you say?
W32/Nugosh-A is a mass mailing worm that spreads to email addresses found in
files on the local hard drive. The message sent has the following
characteristics:
Subject line: Use this patch immediately !
I've been getting these Dumaru infested mails (that's the name other AV
vendors have given to it) since last monday.
Gabriele Neukam
(e-mail address removed)