New bug out there

Ask the few things google does not know

Moderator: Dictators in Training

New bug out there

Postby kaharthemad » Tue Aug 02, 2005 11:01 am

Before listing the info I have gleamed let me fill you in on this bastard. I went out to a client site last night. AVG detected the bug on 2 exe in windows directory. after dleting these I was able to do a full scan and no current infection. next boot all of them are back 275+ files. This bug completely fuxor~d a full network inside of 25 minutes. So take my advice...diable port 139 Fully, if you get the bug unplug the WHOLE network and kill it on each computer one by one. do not reattached to the network till after you get all the files out. You will most likely have to reinstall all programs that have a executable in them(which is all of them) none of the programs to date do anything more than delete the infect exe files. This is a nasty network jumper so be forewarned.

Virus.Win32.Tenga.a
W32/Gael.worm.a
PE_TENGA.A
W32/Stanit
W32.Licum
Win32/Gaelicum.A
W32/Gael

W32/Tenga-A is a virus for Windows based systems.
W32/Tenga-A infects Windows executable files on all drives it can find other than drive A:. W32/Tenga-A also attempts to infect files on network resources.
W32/Tenga-A tries to download and run a file from a remote server. At the time of writing this file is detected as Troj/Penta-A.
W32/Tenga-A attempts to disable Windows File Protection.
W32/Tenga-A attempts to infect files at randomly chosen IP addresses via NetBIOS.
W32/Tenga-A also attempts to connect to a pre-specified server and spawn a remote command prompt that can recieve further commands from a remote intruder.

|
| AntiVir 6.31.0.9 07.14.2005 W32/Stanit
| AVG 718 07.14.2005 Win32/Gaelicum.A
| Avira 6.31.0.9 07.14.2005 W32/Stanit
| BitDefender 7.0 07.14.2005 no virus found
| CAT-QuickHeal 7.03 07.14.2005 no virus found
| ClamAV devel-20050501 07.14.2005 no virus found
| DrWeb 4.32b 07.14.2005 Win32.Gael.3666
| eTrust-Iris 7.1.194.0 07.13.2005 no virus found
| eTrust-Vet 11.9.1.0 07.14.2005 no virus found
| Fortinet 2.36.0.0 07.14.2005 suspicious
| F-Prot 3.16c 07.14.2005 could be infected with an unknown virus
| Ikarus 2.32 07.14.2005 no virus found
| Kaspersky 4.0.2.24 07.14.2005 Virus.Win32.Tenga.a
| McAfee 4535 07.14.2005 W32/Gael
| NOD32v2 1.1168 07.14.2005 probably unknown WIN32 virus
| Norman 5.70.10 07.14.2005 no virus found
| Panda 8.02.00 07.14.2005 no virus found
| Sybari 7.5.1314 07.14.2005 W32/Gael
| Symantec 8.0 07.13.2005 no virus found
| TheHacker 5.8.2.070 07.13.2005 no virus found
| VBA32 3.10.4 07.14.2005 no virus found
Image
User avatar
kaharthemad
NT Traveller
NT Traveller
 
Posts: 3768
Joined: Sat Mar 27, 2004 8:47 am
Location: Somewhere South of Disorder

Return to Tech Support

Who is online

Users browsing this forum: No registered users and 15 guests