?Virus?/?Trojan? recieved from freebsd-doc@FreeBSD.org
Anikin Vyacheslav
ghos at mail.ru
Thu Mar 4 05:09:24 PST 2004
In latest mail on 03 MAR, 2004 19:21 +0500 GMT (YEKT), Anikin Vyacheslav
(i.e. me) wrote:
> ...
>
> The attached file is Windows executable (PE format) packed by UPX.
> In import table presents a lot of procedures such as:
>
> URLDownLoadToFile
> GetNetworkParams
> InternetOpenA
>
> and others procedures from wininet.dll and wsock32.dll.
>
> I think, attached file is trojan. If anybody need attached file I can send it.
I scanned this attach file with The AntiViral Toolkit (AVP Kasperski)
with the daily-update (at 4 march 2004) and retrieve report:
# # th, 4 MAR 2004, 10:46:33 +0500 GMT
#
# Object Result Description
# -----------------------------------------------------------------------------
# <...>\trojan-maybe.exe.xxx Infected I-Worm.Bagle.i
Also scanned with DrWeb (daily-update, too). Report looking like that:
# <...>\TROJAN-MAYBE.EXE.XXX packed UPX
# <...>\TROJAN-MAYBE.EXE.XXX infected Win32.HLLM.Beagle.based
--
Anikin Vyacheslav a.k.a ghos <ghos at mail.ru>
More information about the freebsd-hackers
mailing list