[Dshield] New virus?

Danny danny at eboundary.com
Fri Mar 7 22:46:08 GMT 2003

Hash: SHA1

Hey Guys,
	   We have been alerted to a virus outbreak by one of our sister
networks that appears to be new and undetected by Norton AV and is
mis-detected by McAfee. McAfee detects this virus as backdoor-jz but is
unable to clean the virus. Sorry I don't have a whole lot of details on
this yet but here is a list of the files running on infected systems. 

> These are the virus processes that we've seen running:
> cbnegs.exe
> Winlogon .exe
> sjhdyl.exe
> kbld.exe
> duckduck.exe
> explorer .exe
> ~xxxxx
> oocfwm.exe
> gwigsb.exe
> jkexnj.exe
> lknq.exe
> kjnj.exe

The virus appears to infect Windows hosts regardless of the OS version.
It appears to alter the start menu items of infected hosts and makes
them look garbled. At this time I don't know how this virus is spreading
but I will let you know if I find out, none of the hosts I have access
to are currently infected but it appears to be spreading through our
sister network pretty quickly.

Has anyone seen anything like this? Or recognize the signature maybe? 

Any info would be greatly appreciated.

Network Security Engineer
Drexel University
PGP Print: C6AD B205 E3C6 38AB 0164 6604 66F5 CCFC F4ED F1E0
PGP Key: http://akasha.irt.drexel.edu/danny.asc

Version: PGP 8.0


More information about the list mailing list