Looks like you got hit with the BugBear worm. Go here to get a fix: http:// [EMAIL PROTECTED] tool.html
After you fix it..re-install your AV software. FVS > -----Original Message----- > From: Bassam ALHUSSEIN [mailto:[EMAIL PROTECTED]] > Sent: Saturday, October 05, 2002 5:14 PM > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: Somebody saw this trojan ? > > > Hello .. > > I have received an e-mail today that is not supposed to be > sent to me (they were calling somebody else that I don't know > ..). When I read the mail with Outlook Express I noticed that > the popup window of dowmloading the attachement is invoked > rapidly (Slow computer) without asking for "Open" or "Save > as" ... Well, I have some basic concepts about viruses and > security. I am using NAV 2001 with the virus definitions of > 16/09/2002 and it generally scans the incoming emails. but > after reading that email I noticed that NAV is not running > !!! With Ctrl-Alt-Del I Didn't see any "Strange" runnong > program. On a promt command I wrote : netstat -an and I found : > TCP 0.0.0.0:36794 0.0.0.0:0 LISTENING > I think it could be a trojan horse listning on the port 36794 > .. I ran NAV manually to scan my system...but it (NAV) soon > shut down. I ran a free "Process Viewer" and then I noticed a > "strange" running program with the name "Hfyj.exe", so I > killed it. With the "Regedit" I deleted the key that was > invoking this program in : > HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce > > I deleted the exe file and when I rebooted I noticed that it > is always there and that Nav is not running. I killed the > program again ..deleted the registry key... ran Nav to scan > the exe file but it sayed that it is not infected !!! > > Help.. The Resident Evil is always here and runing ... > > Note : the mail was sent from a fake address ....and I didn't > found the "To: " statement in the header ....How could it > come to me without the "To :" statement. > > what about sending the exe file to Symantec ??? > > > thanx > >
