New Virus

no1lfcfan · 19-09-2003 8:55am #1

I just read on Ireland.com that there is a new virus for microsoft software(nothing new there so)

Did anyone here anything about his??

Lukin Black · 19-09-2003 9:04am

Did it give a name? This one - Swen, perhaps? Looks like it's a beeyatch to remove. It's only been included in yesterday's NAV definitions.

dod · 19-09-2003 9:35am

Now that does look like a beeeatch

no1lfcfan · 19-09-2003 9:50am

Thats the one Lukin Black.

Have downloaded the latest DAT on my systems so I should be covered (fingers crossed)

Tivoli · 19-09-2003 10:03am

yeah its called W32.Swen.A@mm

it will look like a patch from microsoft, doupt too many people still fall for that, but it also comes as a message delivery failure.
i got it in an email 8 times by 7pm yesterday and norton antivirus didnt detect it even after a live update,got it about 80 more times overnight.
if you run it it asks you to confirm if you want to install it, but whether you say yes or no you infect the pc
attachement is 106kb,

no1lfcfan · 19-09-2003 10:33am

This explains it better

http://vil.nai.com/vil/content/v_100662.htm

LoLth · 19-09-2003 10:57am

That NAi site has a link to an Extra.DAT for updating your antivirus (instead of waiting until thursday updates) and a registry cleaner that will remove the entries placed by Swen.

moridin · 19-09-2003 11:35am

To the foredeck matey, there's lootin to be done!

Paddyo · 19-09-2003 1:48pm

Sophos have called this worm W32/Gibe-F

Paddyo

Capt'n Midnight · 19-09-2003 3:12pm

you can use the SGET util (somewhere on the CD) to download lastest IDE's - use your favorite schedule app.

sget.exe http://www.sophos.co.uk/downloads/ide/ides.zip
Use FC to compare this download with the previous one

If they are different then You can then use the appropiate program to unzip the update into the sophos folder and then run SETUP.EXE -UPDATE to incorporate the changes

Note: Two more IDE's since that one....

19/09/03 13:26 415 YAHA-W.IDE
18/09/03 17:23 161 ORAGON-A.IDE
18/09/03 13:22 441 GIBE-F.IDE

Paddyo · 19-09-2003 3:50pm

We had been using the Sget utility which was triggered each time a virus alert came in from Sophos - then ran a central install update.

Now we are using the Sophos Enterprise Manager and Savadmin to keep our identities up to date - works a treat.

Paddyo

LoLth · 19-09-2003 4:37pm

Slight technical hitch...

the registry cleaning tool from mcafee for this virus is blocked from access the registry, even in safe mode!

Anyone know of a removal tool that can be run?

Paddyo · 19-09-2003 5:03pm

Hi

I dont know if this works or not, I saw a link to it on this board
http://www.dslreports.com/forum/remark,7999057~root=security,1~mode=flat;start=0[/URL]

The Removal Tool

http://www.bitdefender.com/html/virusinfo.php?menu_id=1&v_id=158

Hope it works

Paddyo

LoLth · 19-09-2003 5:39pm

thanks paddy0. Looks like it will work.

Will have a field test on monday morning

Carnate · 19-09-2003 5:50pm

22 so far and counting Norton is working overtime, all the same viruses Worm.automat.AHB.

Sigh usual.. here we go again.

zAbbo · 20-09-2003 4:06pm

i had my 50 machines up to date, Mc Afee Groupshield Manager on the email server as well, only picked up one instance and dealt with it there and then

New Virus

Comments