New trojan out there, beware!

[ Follow Ups ] [ Post Followup ] [ CPU-Central Message Board ] [ Home ]

Subject: New trojan out there, beware!
Name:

SickOfItAll
Date: 5/18/2002 12:56:34 PM (GMT-7)
IP Address: 66.169.234.32
Message:

I discovered a nasty little IRC bot trojan on my system last night that managed to sneak by Norton AV and Trend Micro with the latest definitions.

It appears to act as a fileserver for warez, and promptly filled up all available space on my C: partition with partial (600K) files (warez, mp3, avi, etc). There was a new line in my registry calling C:\WINDOWS\SYSTEM\EXPLORER.SCR and the warez files were all going into C:\WINDOWS\TEMP\sys32. If you experience similar symptoms, the remedy seems to be to disconnect your PC from the net (stops the steady stream of files coming in). Remove the line from your registry, delete the EXPLORER.SCR, and restart the machine. Then delete the \TEMP\sys32 folder (you won't be able to until after restart, the folder is "in use" and causes a sharing violation if you try to delete it while the trojan is running).

[ View FollowUps | Post Followup | E-Mail Sender | Main ]

Follow Ups:

Re: New trojan out there, beware! - Bones -[5/21/2002 12:13:23 AM (GMT+0)]
- Well, it isn't actually an IRC bot - SickOfItAll -[5/21/2002 3:20:34 AM (GMT+0)]
Found out what it was - a Kazaa virus! - SickOfItAll -[5/20/2002 10:16:26 PM (GMT+0)]
- Weren't you lucky? - Connie -[5/20/2002 11:56:43 PM (GMT+0)]
Papa email virus was very active last week - Dan Druff -[5/20/2002 8:09:43 PM (GMT+0)]

Maximum of 100 messages displayed.

Post a Followup

[ Follow Ups ] [ Post Followup ] [ CPU-Central Message Board ]