
vrf another VIRUS-attack - how to find them

Question asked by hansolofalcon on Mar 4, 2004
Hello (again) from Gregg C Levine
Thanks! That does clear up a few things. I know my system is clean,
Norton updates itself every several days, here, and does a scan every
Friday. The computer says he's fine. In fact, I have not gotten
complaints from anyone else. Scott, if you're listening, this does wrap
up things. Just for fun, what is the list server running on? If it's a
Windows 2000 Server, or Advanced Server, box, I suggest tracking down
an anti-virus solution aimed for that family.
-------------------
Gregg C Levine hansolofalcon@worldnet.att.net
------------------------------------------------------------
"The Force will be with you...Always." Obi-Wan Kenobi
"Use the Force, Luke." Obi-Wan Kenobi
(This company dedicates this E-Mail to General Obi-Wan Kenobi )
(This company dedicates this E-Mail to Master Yoda )



> -----Original Message-----
> From: stefan.paulick@urbeli.com [mailto:stefan.paulick@urbeli.com]
> Sent: Friday, March 05, 2004 3:17 AM
> To: VRF
> Subject: [vrf] Re: another VIRUS-attack - how to find them
>
> Hi vrf,
>
> the actual viruses are mass-mailing worms using their own SMTP-engines,
> so I'm more than confident that Agilent's servers are NOT the source.
>
> You may check your system's registry for the following items:
>
> Netsky.B:
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
> "service" = "%windir%\services.exe -serv"
>
> Netsky.C:
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
> "ICQ Net" = "%Windir%\winlogon.exe -stealth"
>
> Netsky.D:
>
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
> "ICQ Net" = "%windir%\winlogon.exe -stealth"
>
> They start with your system and scan files for mail addresses, using them
> both as sender and receiver. Once running, a virus scanner cannot
> identify this service as a virus! Nasty clever little bastards, aren't they?
>
> Symantec and NAI provide freeware tools to scan and remove them.
>
>
> Hope that helps a little,
>
> Stefan
>
>
> ---
> You are currently subscribed to vrf as: hansolofalcon@worldnet.att.net
> To subscribe send a blank email to "join-vrf@it.lists.it.agilent.com".
> To unsubscribe send a blank email to "leave-vrf@it.lists.it.agilent.com".
> To send messages to this mailing list, email "vrf@agilent.com".
> If you need help with the mailing list send a message to
> "owner-vrf@it.lists.it.agilent.com".


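The registry check described in the quoted message, as an added example that is not part of the original e-mails: it parses the text printed by `reg query` for the Run key and matches it against the three listed entries. It also goes slightly beyond the message by flagging any Run entry that launches services.exe or winlogon.exe from the Windows directory itself, since the genuine copies live in system32. The `reg query` output layout, the function names and the sample data are assumptions made for the example.

```python
import re

# Indicators from the quoted message: variant -> (Run value name, command line)
INDICATORS = {
    "Netsky.B": ("service", r"%windir%\services.exe -serv"),
    "Netsky.C/D": ("icq net", r"%windir%\winlogon.exe -stealth"),
}
# Assumed `reg query` layout: indented "name    TYPE    data", four-space separators
LINE = re.compile(r"^\s+(?P<name>.+?)\s{4}REG_\w+\s{4}(?P<data>.*)$")
WINDIR = re.compile(r"^(%systemroot%|%windir%|[a-z]:\\win(dows|nt))(?=\\)")
# The genuine services.exe and winlogon.exe live in system32, not in %windir% itself
MASQUERADE = re.compile(r"^%windir%\\(services|winlogon)\.exe\b")

def parse_run_values(text):
    """Return {value name: data} parsed from `reg query <Run key>` output."""
    values = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            values[m["name"].strip()] = m["data"].strip()
    return values

def normalise(data):
    """Lower-case, drop quotes, fold the Windows directory to %windir%."""
    return WINDIR.sub("%windir%", data.replace('"', "").strip().lower())

def check(text):
    """Return sorted (verdict, value name) pairs for suspicious Run entries."""
    findings = []
    for name, data in parse_run_values(text).items():
        cmd = normalise(data)
        for variant, (ioc_name, ioc_cmd) in INDICATORS.items():
            if name.lower() == ioc_name and cmd == ioc_cmd:
                findings.append((variant, name))
                break
        else:
            if MASQUERADE.match(cmd):
                findings.append(("system-binary name in %windir%", name))
    return sorted(findings)

# Constructed sample output, not taken from a real machine
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    ICQ Net    REG_SZ    C:\WINNT\winlogon.exe -stealth
    ccApp    REG_SZ    "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    service    REG_EXPAND_SZ    %windir%\services.exe -serv
    Updater    REG_SZ    C:\WINDOWS\services.exe
    Shell    REG_SZ    C:\WINDOWS\system32\winlogon.exe
"""

if __name__ == "__main__":
    for verdict, name in check(SAMPLE):
        print(f"{verdict}: Run value {name!r}")
```

To use it on a real machine, save the output of `reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run` to a file and pass its contents to `check()`.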
