New virus running around

[kenboyles72]

I'm running AVG free and downloaded latest update. Did a scan and found this virus . Don't know how long i had it, but its gone now

Win32/Gaelicum.A
alias: Win32.Tenga, W32.Licum, W32/Gael

It`s parasitic infector and internet worm.

Virus spreads itself exploiting Buffer Overrun In RPC Interface vulnerability described in Microsoft Security Bulletin MS03-026.

When the worm is launched, it infects .EXE files on all accessible drives.

Virus also tries to download trojan horse from the internet.

Healing:
Please download Vcleaner utility.

Just wanted y'all to know whats up and how to fix it.

[jml90]

How I love NOT running Windows

[mr.jiggyfly]

Eh this takes advantage of that RPC vulnerability, which WAS an issue a few years back (blaster worm anyone?). Please patch your Windows installations people. SP2 and all that other stuff at the Microsoft update page.

I hope you learned your lesson Ken ^_^

[kenboyles72]

Quote:

Originally Posted by mr.jiggyfly

......I hope you learned your lesson Ken ^_^

I'm running winxp/sp2 with all latest security updates and patches and anti-virus kept up to date thank ya very much.

[mr.jiggyfly]

This particular vulnerability was described in detail in the article you linked, and a patch was released by Microsoft back in 2003, which is also in that link.

In any case, please check if indeed you do have that patch installed.

Edit: Check this out

http://www.codingforums.com/archive/...p/t-63654.html

Seems this user got infected even with SP2 installed. Ok I guess I figured it out, you may have been patched against the worm, but was still open to attack by the virus itself, which probably hitched a ride on something you downloaded.