[Dshield] virus that disable regedit/msconfig?

Diamond King mercyful_fated at yahoo.com
Thu Oct 28 05:50:33 GMT 2004


Hello people. Recently, there have been some virus
attacks on our network. For your information, our
gateway is a Linux machine equipped with Squid and the
Shorewall firewall. Last week, Squid started to act
weird, and as I browsed through the cache.log file, I
could see many "Request header is too large (24575
bytes)" logs in it. This made Squid's performance slow
down.

We went to scan the users' PCs with Trend Micro's
Sysclean utility and Spyware Doctor. Most of the
infected users are unable to start their antivirus
software. By the way, the infected users are attacking
ports 135, 139 and 445. They are also attacking ports
80 and 443 (I reckon that's the reason why Squid is
slow). Sysclean found WORM_SDBOT.SE while Spyware
Doctor detected at least a hundred pieces of spyware.

One of the symptoms of this virus is that we are unable
to run regedit and msconfig as well. It pops up for a
few seconds, then goes off. The same thing happened
when we tried to patch their Windows. After scanning
it, the infected PC seems to have stopped spreading,
but I can still see a few HTTP port requests on IP
address 192.x.x.x. Weird thing. However, after cleaning
sdbot.se, we still can't access regedit/msconfig or
patch the system. Can someone please advise me what can
be done to resolve this issue? Thanks for the time.

brian


		


