I submitted the dcomx.exe file to Symantec since my NAV with the latest update did not detect the virus in that file, nor in juh.exe, and this is what I got:

************************
We have analyzed your submission. The following is a report of our findings for each file you have submitted:

filename: C:\dcomx.exe
machine: MIKE
result: This file is infected with Backdoor.IRC.Cirebot
******************************************************

----- Original Message -----
From: "Levinson, Karl" <LevinsonK@STARS-SMI.com>
To: "'Drew Weaver'" <drewat_private>; <incidentsat_private>
Sent: Wednesday, August 06, 2003 8:26 AM
Subject: RE: Dig in: autorooter, maybe that IRC one but SAV doesnt pick it up.

> In case it is helpful, note that the DCOMX.EXE file name resembles the name
> of the fairly new Autorooter / Cirebot / Downloader-DM / "RPC Worm"
> [F-Secure nomenclature] RPC attack tool, but none of the files are detected
> as such by either NAV or Trend Micro HouseCall with the latest updates
> applied.
>
> The four files in the subdirectory contain strings and file names that lead
> one to suspect they are part of Intel LANDesk [PDS.EXE, ping discovery
> service per Google, and XFR.EXE, Intel file transfer utility, per Google].
>
>
> -----Original Message-----
> From: Drew Weaver [mailto:drewat_private]
> Sent: Tuesday, August 05, 2003 3:07 PM
> To: incidentsat_private
> Subject: [despammed] Dig in: autorooter, maybe that IRC one but SAV
> doesnt pick it up.
>
>
> Dig in.
>
> http://www.soul-fu.com/drew.zip
>
> I found this on a Windows 2k SP4 machine without (without) the two most
> recent and critically necessary patches.
>
> Enjoy.
>
> -Drew
This archive was generated by hypermail 2b30 : Fri Aug 08 2003 - 16:19:10 PDT