Discussion in 'Off Topic Area' started by Anth, Jan 27, 2004.

  1. La Mancha

    La Mancha Valued Member

    Yet another alert from Trend Micro.
    Received this morning.

    As of August 9, 2004 11:30 am PST, TrendLabs has declared a YELLOW alert to control the spread of WORM_BAGLE.AC. Several infection reports of this mass-mailing worm were received from the United States.

    This worm is downloaded by TROJ_BAGLE.AC. Upon execution, it drops copies of itself in the Windows system folder using the following filenames:


    It sends out .ZIP compressed files containing TROJ_BAGLE.AC and HTML_BAGLE.AC via email.

    This PEX-compressed worm runs on Windows 95, 98, ME, NT, 2000, and XP.

    TrendLabs will be releasing the following EPS deliverables:

    TMCM Outbreak Prevention Policy 125
    Official Pattern Release 953
    Damage Cleanup Template 390

    For more information on WORM_BAGLE.AC, you can visit our Web site at:

    Contact for inquiries and to report infections in your region.

    New Pattern File Numbering Format upgrade for Trend Micro products is REQUIRED by July 2004. Click for details!

  2. La Mancha

    La Mancha Valued Member

    Heads up this looks like a new worm.

    Dear Trend Micro customer,

    As of Aug 16, 2004 12:10 AM (GMT -7:00), TrendLabs has declared a Medium Risk Virus Alert to control the spread of WORM_RATOS.A. TrendLabs has received several infection reports indicating that this malware is spreading in Japan, Korea and the United States.

    This worm spreads via email with the following details:

    Subject: photos
    Message body: LOL!;))))
    Attachment: photos_arc.exe

    Upon execution, it drops a copy of itself as the following files:

    . %Windows%\RASOR38A.DLL
    . %System%\WINPSD.EXE

    (Note: %System% refers to the Windows system folder, which is usually C:\Windows\System on Windows 95, 98, and ME, C:\WINNT\System32 on Windows 2000 and NT, and C:\Windows\System32 on Windows XP. Note: The Windows system folder is usually C:\Windows\System on Windows 95, 98, and ME, C:\WINNT\System32 on Windows 2000 and NT, and C:\Windows\System32 on Windows XP.)

    It downloads copies of a backdoor component file from several URLs and saves it as WINVPN32.EXE in the Windows folder.

    This worm usually arrives UPX-compressed and runs on Windows 95, 98, ME, NT, 2000, and XP.

    TrendLabs will be releasing the following EPS deliverables:

    TMCM Outbreak Prevention Policy 126 (available)
    Official Pattern Release 1.957.00 (available)
    Damage Cleanup Template 394 (to be released)
    Network Virus Pattern 10136 (to be released)

    TrendLabs is currently working to provide a more in-depth analysis of this malware. You can visit our Web site for more updates on WORM_RATOS.A:

    Contact for inquiries and to report infections in your region.

  3. neryo_tkd

    neryo_tkd Valued Member

  4. gaz shaw

    gaz shaw New Member

    wow ive learnt a lot thanks
  5. Twelve Eggs

    Twelve Eggs Valued Member

    on my mothers computer (not mine, thankgod!!), she got some nasty virus that goes by the name of coolwebsearch or something . ive tried adaware and norton so far, and it just keeps coming back. everytime. it set something on her homepage, and that wont come off either. my mom looks at her bank account and stuff online, and she buys things sometimes. im afraid it could steal her passwords. does anyone know how to deal with this thing *crosses fingers*
  6. Anth

    Anth Daft. Supporter

  7. semphoon

    semphoon walk idiot, walk.

    I had a really hard time with coolwebsearch (it would set itself as my homepage). Colonel Lieutenant Google will give you the information you seek. Or easy-tek.
  8. tekkengod

    tekkengod the MAP MP

    if you don't want viruses, get Panda or BullDog firewalls, NOTHING will EVER get through Panda.
  9. Twelve Eggs

    Twelve Eggs Valued Member

    i found a thread saying i should download CWShredder. does anyone know if this works?
  10. JohnnyX

    JohnnyX Map Addict

    Yes that works. I've used it a few times now.
  11. Twelve Eggs

    Twelve Eggs Valued Member

    ok, thankyou
  12. Infinity

    Infinity -Invincible-

    i think my computer may have a virus, a week ago whenever i close the ie , my calculater keeps poping up. all my softwares were gone due to format before so i lost my norton, and im not planing to get it cuz they said they scaned for adware and spyware but they missed out i use ad aware now and they detected no ad or spy on computer.any free software can fix my problem? also guys if u dont want spyware or adware in your computer theres one solution and u dont even wanna have to scan your pc unless u want to, just gotta and download "spyware blaster" it prevent spy or ad from installing but its a free program but require a subscription like in a year yourll still get update for somtime. you can search for other free ones if u can find it.
  13. Anth

    Anth Daft. Supporter

    A) You might want to use correct punctuation in your posts to make them a little easier to read ;)

    B) Instead of using Norton AV, use either AVG or Avast. I use AVG and am happy with it (I dont bother with Norton any more, since AVG got everything before it) and I believe that JohnnyX uses Avast and is more than happy with it :)
  14. kano junior

    kano junior Uchi-Monster!!

    Yeah, i have to agree with Anth on this one. I use Avast and also AntiVir for back-up and have no problems at all.
  15. dbmasters

    dbmasters Valued Member

    One vote for AVG here. Tho something silly and harmless like it popping up a calc sounds more like a spyware/malware type of thing.

    Go to and ask there, perhaps somebody on that forum knows what it is...

    Hey, infinity, did you get it from Torrent :D
    Last edited: Oct 28, 2005
  16. JohnnyX

    JohnnyX Map Addict

    Yep, it's Avast for me. :love:

    I've Sold, Installed, Supported and Used many Anti Virus packages in the past 10 years and the Free version of Avast that I use at Home is as good as any of the others that I've paid for in the past.
  17. Infinity

    Infinity -Invincible-

    i dont know if i got it from torrents, but its gone now i think....cuz i ran adware again and it dected some ad or spy thing dint write down the name..
  18. dbmasters

    dbmasters Valued Member

    Just an interesting adendum here, AVG released version 7.1 recently, it took the computer in my recording studio down for the count...I can't even get into safe mode or anything to uninstall it, she just reboots a reinstalling we will go...LAME...I think I'll try Avast this time...

    A serious disappointment.
  19. MarioBro

    MarioBro Banned Banned

    Nothing wrong with AVG...I have used it for a long time and have installed it on many systems. Likely something else going on in your system.
  20. dbmasters

    dbmasters Valued Member

    Ummmm, no it's likely not anything else in my system. My studio computer is a highly controlled system with very little ever changing, it has been running happy and healthy for a long time with no changes at all, I booted up, got prompted for an update to AVG, I took it, it asked me to reboot, I rebooted and now it's not working.

    It's a flaw in the update of AVG, very simple really. Not saying it affects all users, but it damn sure affected me.

    I've admin'd servers for years, worked as a tech for more years than that and have certifications coming out of my's not like I just fell of the PC tech truck...or that it is really that tough to diagnose given the computer it happened to affect.

    I am just sharing the fact there is a flaw in it, not saying it's a huge one or that it will affect everybody, just food for thought when choosing one.
    Last edited: Nov 2, 2005

Share This Page