03-12-2004, 03:01 PM   #1
implexant
Weird ZIP files all over

Hi there,

I have a client who just called, two of their eight computers have these weird zip files all over the place. They are named things like asdikljsda.zip, 390asdljk892.zip, asdjklsadklj.zip. Just odd random names. On the root of C:\, desktop, my documents, program files, you name it, there's at least one zip file around. They have a fairly secure network, with a router/firewall and Symantec Corporate Virus Scan running constantly. A win2k domain controller exists and controls everything.

One of the computers is also missing some files in My Documents.

I'm scanning it for viruses as we speak, but I can't believe anything would have gotten through.

Any ideas on how to get her files back? And how they went away?

TIA

-Chris

03-12-2004, 03:02 PM   #2
Guest
Sounds like a "worm". I just had somebody with the same thing. Norton removed it, but don't remember exactly which "worm" it was.

03-12-2004, 03:06 PM   #3
implexant
I see, well SAV isn't recognizing it, even with today's definition. I've also noticed a lot of oddly and randomly named .exe files all over the place. It has spread to networked drives, but of course unless the exe is run on the other computers, it still only affects one computer.

Odd, wish I had the name of the worm.

Thanks ER!

-Chris

03-12-2004, 03:10 PM   #4
Guest
I'm looking.

I think it was Beagle or a variant of it.

03-12-2004, 06:29 PM   #5
implexant
Got the latest def file and it's detecting as MyDoom

Go figure.

-Chris

03-14-2004, 04:20 PM   #6
ArcticFox
How big are the random EXE and ZIP files?

03-14-2004, 07:00 PM   #7
implexant
Didn't check, and VNC isn't working on her workstation for whatever reason. I'm going to have to wait until Monday to finish this up.

-Chris

03-17-2004, 05:55 PM   #8
HeddaLora
The latest variant was around for 1-2 days before it was added to the AV data files, so that would explain why it wasn't caught by the AV software. The real question in my mind is how did those files get onto her hard drive without user intervention? One can receive these as e-mail attachments and simply delete the e-mails. So I'm guessing she saved them onto the hard drive herself?

Hedda Lora

03-17-2004, 07:38 PM   #9
implexant
Quote:
Originally posted by HeddaLora
The latest variant was around for 1-2 days before it was added to the AV data files, so that would explain why it wasn't caught by the AV software. The real question in my mind is how did those files get onto her hard drive without user intervention? One can receive these as e-mail attachments and simply delete the e-mails. So I'm guessing she saved them onto the hard drive herself?

Hedda Lora

Turns out that she did open it, but thought she didn't. Got an email from me (spoofed of course) and opened it. Ended up being the virus.

The spoofers are using my address a lot. Irritates me.



-Chris