Weird ZIP files all over
March 12th, 2004, 06:01 PM
|
#1 (permalink)
| | Ultimate Member
Join Date: Jun 2002 Location: Vancouver, WA, USA
Posts: 2,696
|
Hi there,
I have a client who just called, two of their eight computers have these weird zip files all over the place. They are named things like asdikljsda.zip, 390asdljk892.zip, asdjklsadklj.zip. Just odd random names. On the root of C:\, desktop, my documents, program files, you name it, there's at least one zip file around. They have a fairly secure network, with a router/firewall and Symantec Corporate Virus Scan running constantly. A win2k domain controller exists and controls everything.
One of the computers is also missing some files in My Documents.
I'm scanning it for viruses as we speak, but I can't believe anything would have gotten through.
Any ideas on how to get her files back? And how they went away?
TIA
-Chris |
| |
March 12th, 2004, 06:02 PM
|
#2 (permalink)
| | Mean Moderator
Join Date: Oct 2001 Location: N of Music City, USA
Posts: 7,791
|
Sounds like a "worm". I just had somebody with the same thing. Norton removed it, but don't remember exactly which "worm" it was.
__________________ This signature intentionally left blank. |
| |
March 12th, 2004, 06:06 PM
|
#3 (permalink)
| | Ultimate Member
Join Date: Jun 2002 Location: Vancouver, WA, USA
Posts: 2,696
|
I see, well SAV isn't recognizing it, even with today's definition. I've also noticed a lot of oddly and randomly named .exe files all over the place. It has spread to networked drives, but of course unless the exe is run on the other computers, it still only affects one computer.
Odd, wish I had the name of the worm.
Thanks ER!
-Chris |
| |
March 12th, 2004, 06:10 PM
|
#4 (permalink)
| | Mean Moderator
Join Date: Oct 2001 Location: N of Music City, USA
Posts: 7,791
|
I'm looking.
I think it was Beagle or a variant of it. |
| |
March 12th, 2004, 09:29 PM
|
#5 (permalink)
| | Ultimate Member
Join Date: Jun 2002 Location: Vancouver, WA, USA
Posts: 2,696
|
Got the latest def file and it's detecting as MyDoom.
Go figure.
-Chris
__________________
http://www.implexant.com
|
| |
March 14th, 2004, 07:20 PM
|
#6 (permalink)
| | I'm silently judging you
Join Date: Jan 2003 Location: Lincoln City, OR
Posts: 5,379
|
How big are the random EXE and ZIP files? |
| |
March 14th, 2004, 10:00 PM
|
#7 (permalink)
| | Ultimate Member
Join Date: Jun 2002 Location: Vancouver, WA, USA
Posts: 2,696
|
Didn't check, and VNC isn't working on her workstation for whatever reason. I'm going to have to wait until Monday to finish this up.
-Chris |
| |
March 17th, 2004, 08:55 PM
|
#8 (permalink)
| | Member
Join Date: Oct 2003
Posts: 60
|
The latest variant was around for 1-2 days before it was added to the AV data files, so that would explain why it wasn't caught by the AV software. The real question in my mind is how did those files get onto her hard drive without user intervention? One can receive these as e-mail attachments and simply delete the e-mails. So I'm guessing she saved them onto the hard drive herself?
Hedda Lora |
| |
March 17th, 2004, 10:38 PM
|
#9 (permalink)
| | Ultimate Member
Join Date: Jun 2002 Location: Vancouver, WA, USA
Posts: 2,696
|
Quote: Originally posted by HeddaLora
The latest variant was around for 1-2 days before it was added to the AV data files, so that would explain why it wasn't caught by the AV software. The real question in my mind is how did those files get onto her hard drive without user intervention? One can receive these as e-mail attachments and simply delete the e-mails. So I'm guessing she saved them onto the hard drive herself?
Hedda Lora

Turns out that she did open it, but thought she didn't. Got an email from me (spoofed of course) and opened it. Ended up being the virus.
The spoofers are using my address a lot. Irritates me.
-Chris |