[unisog] zotob variant?
flynngn at jmu.edu
Thu Oct 13 12:25:12 GMT 2005
Carol Myers wrote:
> I received the following and haven't found anything yet, Symantec or
> otherwise, that is helping with this college's issue...here's the text
> I was wondering if any of you have encountered problems like we have. On
> or around the 14th, I believe we were hit with a worm on our Windows
> 2000 systems. I believe it is the same **type** of worm that is
> responsible for zotob, but Symantec says nothing about what I’m seeing.
> Here are some of the tell-tale signs:
> A local account is created called ExchangeAdmin that is made an
> A service is created called “Users service for disk management requests”
> that points to CHKDSK32 in WINNT\System32.
Get a sample and submit it to VirusTotal at:
They'll run multiple vendors' AV products against
it. Also submit a sample to Symantec if that is
your AV vendor.
I'm running across an unknown piece of malware almost
once a week. More often if I look for it.
Were the machines patched? Did they have a strong
James Madison University
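
Added example, not part of the original thread: a triage pass that checks collected host inventory for the two tell-tale signs quoted above (the ExchangeAdmin local account and the service pointing to CHKDSK32). The CSV layout, host names and the service short name are assumptions constructed for illustration. A match is a lead for pulling a sample, since a variant can change these names.

```python
import csv
import io
import re

# Indicators taken from the quoted report above.
IOC_ACCOUNT = "exchangeadmin"
IOC_DISPLAY = "users service for disk management requests"
# CHKDSK32 as an image name, with or without .exe, quoted or with arguments.
IOC_IMAGE = re.compile(r'(?:^|[\\/"])chkdsk32(?:\.exe)?(?=$|["\s])', re.I)

# Constructed sample inventory; the CSV layout, host names and the service
# short name "dmsvc" are assumptions made for this example.
SAMPLE = r"""
host,kind,name,display_name,path
lab-01,account,Administrator,,
lab-01,account,ExchangeAdmin,,
lab-01,service,dmsvc,Users service for disk management requests,C:\WINNT\System32\CHKDSK32.exe
lab-02,account,exchangeadmin,,
lab-03,service,dmadmin,Logical Disk Manager Administrative Service,C:\WINNT\System32\dmadmin.exe /com
"""

def norm(text):
    """Lower-case, drop straight/curly quotes, collapse whitespace."""
    text = re.sub(r'["\u201c\u201d]', "", text or "")
    return " ".join(text.lower().split())

def triage(inventory_csv):
    """Return {host: sorted list of matched indicators}."""
    hits = {}
    for row in csv.DictReader(io.StringIO(inventory_csv.strip())):
        found = set()
        if row["kind"] == "account" and norm(row["name"]) == IOC_ACCOUNT:
            found.add("account:ExchangeAdmin")
        if row["kind"] == "service":
            if norm(row["display_name"]) == IOC_DISPLAY:
                found.add("service-display-name")
            if IOC_IMAGE.search(row["path"] or ""):
                found.add("service-image:CHKDSK32")
        if found:
            hits.setdefault(row["host"], set()).update(found)
    return {host: sorted(v) for host, v in hits.items()}

if __name__ == "__main__":
    for host, indicators in triage(SAMPLE).items():
        print(host, ", ".join(indicators))
```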