ScoobyNet.com - Subaru Enthusiast Forum

** New Virus ** (https://www.scoobynet.com/computer-and-technology-related-34/149927-new-virus.html)

shunty 13 November 2002 09:45 AM

got a virus alert this morning for this:

Name: Tr/Mastaz
Alias: Troj/Maz.A
Type: Trojan Downloader
Discovered: November 11, 2002
Size: 4.096 KB
Platform: Microsoft Windows 95/98/Me/NT/2000/XP

Description:

Tr/Mastaz is a trojan downloader that downloads the file "Msrexe.exe (30.720KB)" from a specified website and installs it in the user's \windows\system\ directory.

So that it gets run each time a user restarts their computer, the following registry key gets added:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run "System Service"="C:\\WINDOWS\\SYSTEM\\MSREXE.EXE"

It also adds the key:

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Swartax "ImagePath"="C:\\WINDOWS\\SYSTEM\\MSREXE.EXE"

worrying that Sophos & McAfee do not appear to have a listing of this one, is it a hoax, certainly doesn't appear to be.

Jack Clark, perhaps you could comment ??

found this: http://www.pccomputernotes.com/viruses/backdoorg2.htm

shunty
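A triage check for the two persistence entries listed in the alert above, added here as an example and not part of the original thread: it parses a registry export (.reg text as saved by regedit) and reports autostart values that launch MSREXE.EXE. The sample export and all function names are constructed for illustration.

```python
import re

# Indicators taken from the alert quoted in the post above.
BAD_IMAGE = "msrexe.exe"
RUN_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\run"
SERVICES = "hkey_local_machine\\system\\currentcontrolset\\services\\"
# "name"="data" lines; backslash escapes the next character inside the quotes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    return re.sub(r"\\(.)", r"\1", s)

def parse_reg(text):
    """Yield (key, value_name, data) for each string value in a .reg export."""
    key = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key:
            m = VALUE_RE.match(line)
            if m:
                yield key, unescape(m.group(1)), unescape(m.group(2))

def find_mastaz_persistence(text):
    """Return (key, name, data) entries that start MSREXE.EXE at boot."""
    hits = []
    for key, name, data in parse_reg(text):
        k = key.lower()
        autostart = k == RUN_KEY or (
            k.startswith(SERVICES) and name.lower() == "imagepath")
        # File name of the launched image, ignoring any trailing arguments.
        image = data.strip('"').lower().rsplit("\\", 1)[-1].split()[:1]
        if autostart and image == [BAD_IMAGE]:
            hits.append((key, name, data))
    return hits

# Constructed sample export: two entries from the alert plus two benign ones.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"System Service"="C:\\WINDOWS\\SYSTEM\\MSREXE.EXE"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Swartax]
"ImagePath"="C:\\WINDOWS\\SYSTEM\\MSREXE.EXE"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Example]
"ImagePath"="C:\\WINDOWS\\SYSTEM\\example.exe"
'''
```

Matching on the image file name rather than the exact value name or service name also catches the same binary registered under a different label.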

shunty 13 November 2002 10:04 AM

some other sites show the actual .exe as an older subseven virus.....
any ideas ???

www.centralcommand.com
has it listed as a new virus
shunty

User 1421 13 November 2002 11:02 AM

I think the payload looks a little small for the subseven virus IIRC..

shunty 13 November 2002 11:22 AM

I was right, it IS a new virus, Sophos have just released the ide file for it:

http://www.sophos.com/virusinfo/analyses/trojbdooraml.html

edited to add the download link for sophos :rolleyes:

http://www.sophos.com/downloads/ide/bdooraml.ide

shunty

[Edited by shunty - 11/13/2002 11:23:26 AM]

JackClark 13 November 2002 11:31 AM

If you're a McAfee customer and you believe you're affected by this you can get a DAT file from Here

Further information

shunty 13 November 2002 11:39 AM

Jack, just re-read my post, didn't mean to offend regarding the "maybe Jack Clark could comment" bit, just really busy this morning & didn't have time to phrase it better.
I have used mcafee for a few years btw. E-Policy suite.

Next time I get something like this do you want me to mail you first?

great for getting the link out to everyone, I'm sure you were aware of the virus.

shunty

JackClark 13 November 2002 11:40 AM

There's more data being sent about this virus than by it.

Messagelabs started the media avalanche this morning followed by Sophos. And here's me busy trying to sort out my Rally tickets :)

shunty 13 November 2002 11:43 AM

ok then, get yer tickets sorted & take an early lunch:)

shunty

