RE: [Declude.JunkMail] VIRUS WARNING

2005-08-17 Thread Colbeck, Andrew
PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Kim Premuda > Sent: Wednesday, August 17, 2005 5:43 AM > To: Declude.JunkMail@declude.com > Subject: RE: [Declude.JunkMail] VIRUS WARNING > > To all... > > I posted this warning to the IMail list as well as the > Declud

Re: [Declude.JunkMail] VIRUS WARNING

2005-08-17 Thread Matt
Kim, This most likely wasn't from an infected JPG.  This vulnerability is attacked through TCP ports: Microsoft Security Bulletin MS05-039 Vulnerability in Plug and Play Could Allow Remote Code Execution and Elevation of Privilege (899588) http://www.microsoft.com/technet/security/Bulletin/MS0

RE: [Declude.JunkMail] VIRUS WARNING

2005-08-17 Thread Kim Premuda
To all... I posted this warning to the IMail list as well as the Declude list, and someone responded with the following link on August 16th: http://securityresponse.symantec.com/avcenter/venc/data/w32.esbot.a.html Symantec has more precise information regarding the worm than I can offer (

RE: [Declude.JunkMail] VIRUS WARNING

2005-08-17 Thread Markus Gufler
> Before rebooting my server I allways RENAME a dangerous file... ..maybe this will not work as long as the processes run and can't be stopped in the task manager. But if possible I too rename the original malware file and create a new one. (new empty textfile renamed to the previous filename)

Re: [Declude.JunkMail] VIRUS WARNING

2005-08-16 Thread Bonno Bloksma
Hi, A slight addendum to your instructions. [.] Then reboot the server. After rebooting, you will now be able to delete the two offending files. They are located in: c:\winnt\system32\mousebm.exe c:\winnt\system32\mousesync.exe Before rebooting my server I allways RENAME a dangerous

RE: [Declude.JunkMail] VIRUS WARNING

2005-08-16 Thread Andy Schmidt
PROTECTED] On Behalf Of Colbeck, Andrew Sent: Tuesday, August 16, 2005 06:33 PM To: Declude.JunkMail@declude.com Subject: RE: [Declude.JunkMail] VIRUS WARNING Thanks for the heads up, Kim. If you still have the files, you can do a couple more things to help the wider community: Password protect

RE: [Declude.JunkMail] VIRUS WARNING

2005-08-16 Thread Colbeck, Andrew
Thanks for the heads up, Kim. If you still have the files, you can do a couple more things to help the wider community: Password protect them in a zip file and submit the samples to: The handlers at the SANS Internet Storm Center, who love to chase down new mailware and will share with vendors: h

RE: [Declude.JunkMail] Virus Warning - Netsky.b@mm

2004-02-18 Thread Chris Patterson
I blocked it with declude Junkmail using this in a "myfilter" : BODY 15 CONTAINS TVqQAAME//8AAL BODY 15 CONTAINS UEsDBAoAAI2aUjBdbrA Thanks, Chris Patterson, CCNA Network Engineer Rapid Systems (813)232-4887 Ext. 112 [EMAIL PROTECTED] "Managed Spam Filtering and Anti-Virus Protec