[Dshield] Possible virus/worm?

James Riden j.riden at massey.ac.nz
Tue Oct 26 19:12:37 GMT 2004


"Isaac Perez" <pobletman at hotmail.com> writes:

> I had more or less the same problem, but with the avg antivirus, it can't
> detect a virus that collapse the network attacking other windows in the port
> 445, in our case windows xp.
> In our case the virus was a .dll and runs explorer.exe to conect the
> network.
> We cleaned it with stinger:
> http://vil.nai.com/vil/stinger/
> you can try it.
> I wish it will be useful to you.

Also try http://www.clamwin.com/ - a Windows port of ClamAV. I
wouldn't recommend it as your sole AV software, but it's a useful
backup if your primary one isn't catching a particular thing. (In my
case Symantec wasn't picking up an Rxbot variant, but ClamWin
identified it as a generic MS04-011 exploit.

cheers,
 Jamie
-- 
James Riden / j.riden at massey.ac.nz / Systems Security Engineer
Information Technology Services, Massey University, NZ.
GPG public key available at: http://www.massey.ac.nz/~jriden/




More information about the list mailing list