Date: Thu, 4 Mar 2004 12:59:20 +0500
From: Anikin Vyacheslav <ghos@mail.ru>
To: freebsd-doc-owner@freebsd.org, freebsd-hackers@freebsd.org
Subject: Re: ?Virus?/?Trojan? recieved from freebsd-doc@FreeBSD.org
Message-ID: <7019017165.20040304125920@mail.ru>
In-Reply-To: <15018118382.20040304124421@mail.ru>
References: <15018118382.20040304124421@mail.ru>

In the latest mail on 03 MAR, 2004 19:21 +0500 GMT (YEKT), Anikin Vyacheslav (i.e. me) wrote:

> ...
>
> The attached file is a Windows executable (PE format) packed by UPX.
> The import table contains a lot of procedures such as:
>
> URLDownLoadToFile
> GetNetworkParams
> InternetOpenA
>
> and other procedures from wininet.dll and wsock32.dll.
>
> I think the attached file is a trojan. If anybody needs the attached file I can send it.

I scanned this attached file with The AntiViral Toolkit (AVP Kaspersky) with the daily update (as of 4 March 2004) and got this report:

# 
# th, 4 MAR 2004, 10:46:33 +0500 GMT
# 
# Object                          Result      Description
# -----------------------------------------------------------------------------
# <...>\trojan-maybe.exe.xxx      Infected    I-Worm.Bagle.i

I also scanned it with DrWeb (daily update, too). The report looks like this:

# <...>\TROJAN-MAYBE.EXE.XXX packed UPX
# <...>\TROJAN-MAYBE.EXE.XXX infected Win32.HLLM.Beagle.based

-- 
Anikin Vyacheslav a.k.a ghos <ghos@mail.ru>