Author Topic: What happened to this Win32:Swen email?  (Read 2819 times)

Jorolat

  • Guest
What happened to this Win32:Swen email?
« on: July 20, 2005, 01:07:15 AM »
Hi,

Two emails were downloaded each containing the Win32:Swen worm. I deleted the first one but as I went to delete the second a pop-up from another program appeared and I missed it.

I've just run stinger and nothing was found but stinger checks for W32/Swen@MM so would it have picked up the Win32:Swen that Avast reported?

What could have happened to Win32:Swen, how else can I test for it & how do I remove it if it's found!

Hope you can help :)

Jorolat

nb: I use thunderbird & the infected email ended up in the junk folder - could this have stopped it installing itself? (er, I did look at it in the junk folder though!)

Jorolat

  • Guest
Re: What happened to this Win32:Swen email?
« Reply #1 on: July 20, 2005, 01:15:03 AM »
I just looked at the offending email again & it says in the message body:

"Undelivered to zlzcomusr@america.com

avast! Antivirus: Inbound message INFECTED:
\brlkqp.com#3335628923 (Win32:Swen [Wrm]) was (BEWARE!!!) left intact in the message.

Virus Database (VPS): 0529-0, 18/07/2005
Tested on: 19/07/2005 23:21:47
avast! - copyright (c) 2000-2004 ALWIL Software."

When I looked at the headers it says:

"Attachment: \brlkqp.com#3335628923   Virus: Win32:Swen [Wrm]"

I can't see any sign of an attachment so maybe the worm didn't get in?

Please tell me this is so! :)

Jorolat

Jorolat

  • Guest
Re: What happened to this Win32:Swen email?
« Reply #2 on: July 20, 2005, 10:48:02 AM »
If no-one speaks to me soon I'm gonna burst into tears..

.. then see how you feel!

Jorolat :)


Offline RejZoR

  • Polymorphic Sheep
  • Serious Graphoman
  • *****
  • Posts: 9406
  • We are supersheep, resistance is futile!
    • RejZoR's Flock of Sheep
Re: What happened to this Win32:Swen email?
« Reply #3 on: July 20, 2005, 11:10:28 AM »
Did you get any warning from avast! when this mail arrived? If yes, what did you select?

If you haven't actually double-clicked (opened) the attachment, then you can be sure you're clean. Just delete both mails from the Inbox (or Junk folder in your case) and check the entire C: partition with avast! just in case you're unsure.
It's interesting that you got Swen again, since its ItW time is already "over".
I mean it's quite an old parasite...
Anyway, this is pretty much everything you can do.

Jorolat

  • Guest
Re: What happened to this Win32:Swen email?
« Reply #4 on: July 20, 2005, 11:45:04 AM »
Thanks for replying RejZoR!

This is what I put in the original post:

Two emails were downloaded each containing the Win32:Swen worm. I deleted the first one but as I went to delete the second a pop-up from another program appeared and I missed it.

I've just run stinger and nothing was found but stinger checks for W32/Swen@MM so would it have picked up the Win32:Swen that Avast reported?

What could have happened to Win32:Swen, how else can I test for it & how do I remove it if it's found!


I'll have to check the C partition but I didn't open any attachment so maybe I'm ok :)

Jorolat

Offline RejZoR

Re: What happened to this Win32:Swen email?
« Reply #5 on: July 20, 2005, 12:02:11 PM »
Ok, if the check of the C partition came clean, then you're safe :)