** New Virus **
#1
Scooby Regular
Thread Starter
Join Date: Aug 2001
Location: wakefield
Posts: 2,082
got a virus alert this morning for this:
Name: Tr/Mastaz
Alias: Troj/Maz.A
Type: Trojan Downloader
Discovered: November 11, 2002
Size: 4.096 KB
Platform: Microsoft Windows 95/98/Me/NT/2000/XP
Description:
Tr/Mastaz is a trojan downloader that downloads the file "Msrexe.exe (30.720KB)" from a specified website and installs it in the user's \windows\system\ directory.
So that it gets run each time a user restarts their computer the following registry key gets added:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "System Service"="C:\\WINDOWS\\SYSTEM\\MSREXE.EXE"
It also adds the key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Swartax "ImagePath"="C:\\WINDOWS\\SYSTEM\\MSREXE.EXE"
worrying that Sophos & McAfee do not appear to have a listing of this one, is it a hoax, certainly doesn't appear to be.
Jack Clark, perhaps you could comment ??
found this: http://www.pccomputernotes.com/viruses/backdoorg2.htm
shunty
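An added example, not part of the original post or of any vendor's tooling: a Python check that reads a regedit text export and reports the two persistence entries the alert describes (the Run value and the Swartax service ImagePath). The function names and the sample export are constructed for illustration, matching the dropped file by name rather than by the exact C:\WINDOWS path is an assumption that goes slightly beyond the alert, and the export is expected as already-decoded text.

```python
import re

# Indicators from the alert quoted above; keys are compared in upper case.
RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN"
SERVICES = r"HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES" + "\\"
SERVICE_KEY = SERVICES + "SWARTAX"
# Assumption: match the dropped file by name, since the Windows directory can differ.
FILE_RE = re.compile(r'(?:^|[\\/"])msrexe\.exe(?![\w.])', re.I)
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def parse_reg(text):
    """Parse a regedit text export into {KEY: {value_name: data}}."""
    keys, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].upper(), {})
        elif current is not None:
            m = VALUE_RE.match(line)
            if m:  # string values only; dword/hex values are skipped
                name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
                current[name] = data
    return keys

def find_mastaz(text):
    """Return (kind, key, value_name, data) for each persistence entry found."""
    findings = []
    for key, values in parse_reg(text).items():
        if key == RUN_KEY:
            findings += [("run-value", key, n, d)
                         for n, d in values.items() if FILE_RE.search(d)]
        elif key.startswith(SERVICES):
            image = next((d for n, d in values.items()
                          if n.upper() == "IMAGEPATH"), "")
            if key == SERVICE_KEY or FILE_RE.search(image):
                findings.append(("service", key, "ImagePath", image))
    return findings

# Constructed sample export (not captured from a real machine).
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"System Service"="C:\\WINDOWS\\SYSTEM\\MSREXE.EXE"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Swartax]
"ImagePath"="C:\\WINDOWS\\SYSTEM\\MSREXE.EXE"
'''

print(*find_mastaz(SAMPLE), sep="\n")
```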
#2
some other sites show the actual .exe as an older subseven virus.....
any ideas ???
www.centralcommand.com
has it listed as a new virus
shunty
#4
I was right, it IS a new virus, Sophos have just released the ide file for it:
http://www.sophos.com/virusinfo/analyses/trojbdooraml.html
edited to add the download link for sophos
http://www.sophos.com/downloads/ide/bdooraml.ide
shunty
[Edited by shunty - 11/13/2002 11:23:26 AM]
#6
Jack, just re-read my post, didn't mean to offend regarding the "maybe Jack Clark could comment" bit, just really busy this morning & didn't have time to phrase it better.
I have used McAfee for a few years btw. E-Policy suite.
Next time I get something like this do you want me to mail you first?
great for getting the link out to everyone, I'm sure you were aware of the virus.
shunty
#7
Scooby Senior
There's more data being sent about this virus than by it.
Messagelabs started the media avalanche this morning followed by Sophos. And here's me busy trying to sort out my Rally tickets