Author Topic: Quickly Spreading AIM Worm/Virus  (Read 3277 times)

Strygun

  • Guest
Quickly Spreading AIM Worm/Virus
« on: September 09, 2005, 05:24:18 AM »
I haven't yet figured out exactly what this virus is. I think it may be more along the lines of a spyware/adware program than anything else, but it reproduces so quickly that I suspect it may have worm tendencies.

It spreads using AOL Instant Messenger. It might use other programs but so far I can only follow it through AIM. It sends a copy of itself using a link asking people to click it.

EDIT: Link removed by moderator

That is a link to the program. Surprisingly, it's hosted on a legitimate company's website, narprail.org. I have dispatched an email to their customer service using their "Contact Us" form to inform them of this file. Hopefully it's not their own tech guy hosting it.

Can anyone here help me figure out how to tell my contacts about how to remove this program? I am currently not infected because I see these types of things all the time and I know how to avoid them. However, neither avast nor adaware recognizes this file as dangerous, so I don't know how to clean it off an infected system.

Can anyone help?
« Last Edit: September 09, 2005, 09:15:10 AM by igor »

Strygun

  • Guest
Re: Quickly Spreading AIM Worm/Virus
« Reply #1 on: September 09, 2005, 05:31:32 AM »
After a bit more prodding, I have discovered this file to be a backdoor file. Here are the names of it according to the different virus lab companies.

Win32.Slinbot.UG [Computer Associates], Backdoor.Win32.SdBot.gen [Kaspersky Lab], W32/Sdbot.worm.gen.h [McAfee], W32/Sdbot-Fam [Sophos], WORM_SDBOT.GEN [Trend Micro]

However, avast does not recognize this file as dangerous and therefore, my life is so much harder to get rid of it! :)

Anyone know any good, safe way? Or could someone make a virus cleaner specifically for this virus?

Offline TedNelly

  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1538
  • Trust No-One!
Re: Quickly Spreading AIM Worm/Virus
« Reply #2 on: September 09, 2005, 06:11:31 AM »

F-Secure provides a special disinfection utility to eliminate the WootBot backdoor infection:

http://www.f-secure.com/v-descs/wootbot.shtml

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67183
Re: Quickly Spreading AIM Worm/Virus
« Reply #3 on: September 11, 2005, 06:08:46 AM »
To Strygun: Can you send the file to Alwil for analysis and for inclusion in the next virus database update? (virus (at) avast.com)
To Alwil: Could you protect us from this?  :P
The best things in life are free.

Strygun

  • Guest
Re: Quickly Spreading AIM Worm/Virus
« Reply #4 on: September 11, 2005, 06:32:41 AM »
Unfortunately I have already deleted this file. I found a stinger for this virus on McAfee's website and used that. However, could you not get the information needed to defend against this worm from Symantec or McAfee?

Just search for Backdoor.Sdbot.

Info on Symantec: http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.ak.html