[Esd-l] W32/Yarner@MM

Robby robby at obsidian.co.za
Wed Feb 20 23:21:01 PST 2002


Looks like yawsetup.exe needs to be added to the poisoned files.

>      DRS Virus Alerts
> 
>      Virus Name: W32/Yarner@MM
>      Date Released: 18-02-2002
>      Risk: Medium
>      Definition detection: 4187 DAT and 4.0.70 Engine, ExtraDAT available at www.drs.co.za
>      Cleaner available: No
> 
>      Brief Description
>       This is a new worm seen by AVERT researchers in Germany and the UK
> today, 19 Feb 2002.
> 
>       This worm has its own SMTP e-mailing engine which gets e-mail
> addresses from .pl, .php, .htm, .shtm, .cgi, and the Outlook address book,
> and uses kernei32.daa to store them. The worm gets e-mail servers from
> \Software\Microsoft\Internet Account Manager\Accounts\SMTP Server and uses
> kernei32.das to store them. The worm copies itself to the Windows folder
> with a randomly selected name, and adds the registry key
> Software\Microsoft\Windows\CurrentVersion\Runonce to run it. It also
> replaces notepad.exe and copies the original notepad.exe to notedpad.exe.
> The worm's payload is to delete all not-locked files from drive c:
> 
>       The virus arrives as an e-mail with:
> 
>       From line faked to read: webmaster at trojaner-info.de
>       Subject: Trojaner-Info Newsletter 18.02.02 (date is updated according
> to infected machine)
>       Attachment: yawsetup.exe

-- 

Robert Mc Donald - Support Consultant
Obsidian Systems - Www.Obsidian.Co.Za

Contact: 011-792-6500
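
An added example, not code from the original post or from any filtering tool: a mail-filter check for the indicators in the alert above, matching attachment names against a poisoned-files list and the subject against the newsletter pattern. The list format (one glob per line), the function names and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from fnmatch import fnmatchcase

# Constructed list; assumed format: one glob per line, '#' starts a comment.
POISONED_LIST = "# worm attachment names\nyawsetup.exe\n"
# The alert says the date in the subject changes per infected machine.
SUBJECT_RE = re.compile(r"^Trojaner-Info Newsletter \d{2}\.\d{2}\.\d{2}$")

def load_patterns(text):
    """Lower-cased glob patterns, skipping blank lines and comments."""
    lines = (ln.strip() for ln in text.splitlines())
    return [ln.lower() for ln in lines if ln and not ln.startswith("#")]

def attachment_names(msg):
    """Base names of every MIME part that declares a filename."""
    names = []
    for part in msg.walk():
        name = part.get_filename()
        if name:
            # Drop any path prefix, then trailing dots/spaces Windows ignores.
            base = name.replace("\\", "/").rsplit("/", 1)[-1]
            names.append(base.strip().rstrip(". "))
    return names

def check_message(raw, patterns):
    """Return (poisoned attachment names, subject matches the alert)."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = [n for n in attachment_names(msg)
            if any(fnmatchcase(n.lower(), p) for p in patterns)]
    subject = str(msg.get("Subject", "")).strip()
    return hits, bool(SUBJECT_RE.match(subject))

def sample_message(filename, subject):
    """Constructed test mail; the attachment body is inert placeholder bytes."""
    m = EmailMessage()
    m["From"] = "webmaster@trojaner-info.de"  # faked From line from the alert
    m["To"] = "user@example.org"              # constructed recipient
    m["Subject"] = subject
    m.set_content("constructed sample body")
    m.add_attachment(b"inert placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    pats = load_patterns(POISONED_LIST)
    print(check_message(sample_message("YAWSETUP.EXE", "Trojaner-Info Newsletter 21.02.02"), pats))
    print(check_message(sample_message("report.pdf", "Minutes"), pats))
```

The filename match is the reliable signal here; the From line is forged and the subject date varies, so the subject check is only a secondary hint.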


