Author Topic: WORM_RATOS.A (photos_arc.exe)  (Read 5141 times)

0 Members and 1 Guest are viewing this topic.

Iso-G

  • Guest
WORM_RATOS.A (photos_arc.exe)
« on: August 16, 2004, 10:31:17 AM »
The number of a mail with "photos_arc.exe" is increasing in JP.

Trend Micro named it "WORM_RATOS.A."
They says, "this virus was reported in Japan, South Korea and the United States at 16th of Aug, 2004 (JST, GTM+9:00). Now, the virus behaviors are under our analysis."

Mail Subject: "photos"
Body: "LOL!;))))"
Attachment: "photos_arc.exe"

Please take care.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:WORM_RATOS.A (photos_arc.exe)
« Reply #1 on: August 16, 2004, 10:49:05 AM »
It is just another mydoom.. And it wouldn't surprise me if Avast has the detection for it in the latest vps (434-0) already.
« Last Edit: August 16, 2004, 10:50:42 AM by Eddy »

Iso-G

  • Guest
Re:WORM_RATOS.A (photos_arc.exe)
« Reply #2 on: August 16, 2004, 03:38:30 PM »
Some other vender call it W32/Mydoom.s@MM, W32.Mydoom.Q@mm and so on.
I have read VPS history. Is "Win32:Mydoom-Q [Wrm]" in VPS the same as WORM_RATOS.A ?


Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:WORM_RATOS.A (photos_arc.exe)
« Reply #3 on: August 16, 2004, 04:54:10 PM »
yes. Mydoom-Q in Avast is the same as ratos.A in Trend. Trend is using a wrong name.

Iso-G

  • Guest
Re:WORM_RATOS.A (photos_arc.exe)
« Reply #4 on: August 16, 2004, 05:48:31 PM »
Eddy, thank you very much for the good news !
I will sleep well tonight.

It is usual, but how fast the response to the virus is !
Thank you very much.

Offline Eddy

  • Avast Evangelist
  • Maybe Bot
  • ***
  • Posts: 31080
  • Watching (over?) you
    • Malware removal, Biljart and other things.
Re:WORM_RATOS.A (photos_arc.exe)
« Reply #5 on: August 16, 2004, 05:55:10 PM »
You can use VGrep to see what names for a virus are used by different vendors. It is not always up-to-date with the latest info, but it is better than nothing.
« Last Edit: August 16, 2004, 05:56:30 PM by Eddy »

Iso-G

  • Guest
Re:WORM_RATOS.A (photos_arc.exe)
« Reply #6 on: August 16, 2004, 06:23:35 PM »
You can use VGrep to see what names for a virus are used by different vendors. It is not always up-to-date with the latest info, but it is better than nothing.
Thank you very much. This database is so nice !
The up-to-date may not be just in time, but I like this tool.
Thank you very much. ;)