| Colonial Campaigns Club (CCC) https://www.wargame.ch/board/cc/ |
|
| Virus warning https://www.wargame.ch/board/cc/viewtopic.php?f=6&t=2210 |
Page 1 of 1 |
| Author: | Sam Moon [ Fri Mar 15, 2002 1:00 pm ] |
| Post subject: | Virus warning |
I got hit with a farirly strange Code Blue virus yesterday. It looks web driven rather than e-mail driven. The virus, taking advantage of an earlier flaw in Explorer, could load executable programs on to my machine from a web page. These programs were tray.exe,svchost.exe,and an autodialer.exe. The virus opened up a few startup programs on the PC, one for each of the .exe's above. There was also a duplicate startup under a different name for the svchost.exe. The virus downloaded unwanted webpages onto the PC, porn sites, violence, etc. It changed the opening homepage to a site which then flooded explorer with pop-ups. It also renamed the start up web page if one try to change it. I've cleaned my machine using info at Trend Micro on Code Blue to remove the svchost.exe from the registry and deleting the tray.exe and autodialer.exe My virus protection DID NOT DETECT THIS PROGRAM. The svchost.exe will send the virus on through IP addresses it pulls off the host machine. The svchost.exe can not execute on windows 98 (what I'm running) unless it has IIS so it did not access IP's and reproduce from my system. It can on unprotected Windows 2000 and Windows NT. (patch is available from microsoft.) Corporal Sam Moon Ferguson's Amer. Volunteers |
|
| Page 1 of 1 | All times are UTC - 5 hours [ DST ] |
| Powered by phpBB® Forum Software © phpBB Group https://www.phpbb.com/ |
|