[Dshield] Possible virus/worm?

Isaac Perez pobletman at hotmail.com
Sun Oct 24 17:56:43 GMT 2004

I had more or less the same problem, but with the AVG antivirus: it can't
detect a virus that collapses the network by attacking other Windows machines on port
445, in our case Windows XP.
In our case the virus was a .dll and runs explorer.exe to connect the
We cleaned it with stinger:
You can try it.
I hope it will be useful to you.

----- Original Message -----
From: "Ted August" <taugust04 at gmail.com>
To: <list at lists.dshield.org>
Sent: Saturday, October 23, 2004 9:08 PM
Subject: [Dshield] Possible virus/worm?

> Hello everyone,
> I am new to this list, but I have been Googling all day and have not
> been able to find anything to my answers so far.  Our network was
> recently hit with a new worm/virus that has not been detected by
> Symantec AV Corporate.
> The symptoms are as follows:
> 1.  Creates a file called "quiktime32.exe" (note the misspelling) in
> c:\%systemroot%\system32.
> 2.  Creates a service called "QuickTime Player" that cannot be
> disabled or stopped from the Computer Management Console.
> 3.  Generates a ton of traffic on port 445.
> One of our network admins believes that this is a new variant of
> Sasser, but otherwise we have been unsuccessful in diagnosing the
> problem.  It seems to have only hit mostly Windows 2000 computers on
> our network.
> If anyone else is having the same problem, and could provide some
> feedback as to what this is, it would be much appreciated.  We did
> submit the file to Symantec but haven't heard back yet.
> Thanks!
> Ted August
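An added example, not part of the original thread: one way to locate the machines behind the "ton of traffic on port 445" symptom is to flag internal hosts that contact many distinct addresses on TCP/445 within a short window. The log format (`timestamp src dst dport`), the addresses, and the thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample():
    """Constructed flow records: one sweeping host, one ordinary file-share client."""
    base = datetime(2004, 10, 23, 14, 0, 0)
    lines = []
    for i in range(40):
        stamp = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{stamp} 10.0.0.5 10.0.1.{i + 1} 445")  # new peer every second
        lines.append(f"{stamp} 10.0.0.9 10.0.0.2 445")        # same server every time
    lines += ["truncated record", f"{base.isoformat()} 10.0.0.7 10.0.1.1 80"]
    return lines

def find_smb_sweepers(lines, port=445, window=timedelta(seconds=60), threshold=20):
    """Return {src: peak count of distinct destinations on `port` seen inside any
    sliding `window`} for every source whose peak reaches `threshold`."""
    events = defaultdict(list)
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed records instead of failing the whole run
        ts, src, dst, dport = parts
        try:
            when = datetime.fromisoformat(ts)
            dport = int(dport)
        except ValueError:
            continue
        if dport == port:
            events[src].append((when, dst))
    flagged = {}
    for src, evs in events.items():
        evs.sort()
        start, counts, peak = 0, defaultdict(int), 0
        for when, dst in evs:
            counts[dst] += 1
            while when - evs[start][0] > window:  # drop events older than the window
                old = evs[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            peak = max(peak, len(counts))
        if peak >= threshold:
            flagged[src] = peak
    return flagged

if __name__ == "__main__":
    print(find_smb_sweepers(build_sample()))
```

Counting distinct destinations rather than raw connections keeps a busy but legitimate file-server client (10.0.0.9 in the sample) from being flagged.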