New Virus or Old One with Broken Payload

Discussion in 'Anti-Virus' started by Dennis Cooper, Jan 26, 2004.

  1. We have experienced 3 of these today.

    The attachments are 23k in size each time, have been enclosed in avaxy.zip,
    wvfyfar.zip and file.zip.

    The actual filenames are "avaxy.htm
    ..scr"
    or "file.txt
    "
    or "wvfyfar.htm
    ..scr"
    (note the spaces or undisplayable characters before the .scr extensions).

    Etrust antivirus with 23.63.75 will not detect them as viruses, so I thought
    this was something new or the payload was damaged before arrival.
     
    Dennis Cooper, Jan 26, 2004
    #1
    1. Advertisements

  2. You can submit a copy to https://www.my-etrust.com/services/virusSample.cfm

    Regards, Dave Hodgins
     
    David W. Hodgins, Jan 26, 2004
    #2
    1. Advertisements

  3. Dennis Cooper

    Tanya Guest

    i have received 3 today (subject "hello" or "test") with readme.scr and text.scr

    i have ezTrust (upToDate) plus an upToDate avg6 neither of which registered
    these "messages"
     
    Tanya, Jan 27, 2004
    #3
  4. Dennis Cooper

    Big Will Guest

    If it's novarg, then defs just came out on symantec yesterday. I don't know
    when worm was released, though.

    --
    William

    If it don't work, hit it.
    If it still doesn't work, kick it.
    If it works after hitting it and kicking it, then it doesn't matter if
    hitting it or kicking it helped, what's important is that it works.
     
    Big Will, Jan 27, 2004
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.