|
Dragul
| Joined: 11 Sep 2009 |
| Posts: 0 |
| Location: The Netherlands |
|
|
 Posted: Fri Sep 11, 2009 8:07 am |
|
 |
 |
|
|
Hello,
I have a small question, I am using Clamwin for a short while now and found a JS.Feebs.BN-1 virus while scanning.
My question is what jkind of virus infection is this, I cant seem to find anything on the site about it and using google only gives me a fage reference towards Hyves....
Any help would be appreaciated
Dragul
|
|
|
|
GuitarBob
| Joined: 09 Jul 2006 |
| Posts: 9 |
| Location: USA |
|
|
| Posted: Fri Sep 11, 2009 3:38 pm |
|
|
|
|
|
Different AV companies can have different names for viruses. You might try an MD5 hasher program to get a hash on the file and then do a Google search on that hash, which might get better results. Virus Total, Jotti, Threat Expert, and other scanning services go by the MD5 hash. I get good results from Threat Expert, which seems to catalog a lot of them. There are lots of free hash programs on the web.
Regards,
|
|
|
|
Dragul
| Joined: 11 Sep 2009 |
| Posts: 0 |
| Location: The Netherlands |
|
|
| Posted: Tue Sep 15, 2009 7:59 am |
|
|
|
|
|
Great Thanks, I'll give it a try.
|
|
|
|
Dragul
| Joined: 11 Sep 2009 |
| Posts: 0 |
| Location: The Netherlands |
|
|
| Posted: Tue Sep 15, 2009 8:16 am |
|
|
|
|
|
To finalise the topic, I found its a worm
Threat Name Threat Description
Worm.Feebs Worm.Feebs comes embedded inside an HTML application file (HTA), and is consequently dropped onto the system when this file is opened.
Once the worm is up and running, it scours the system for email addresses to send a copy of itself to using its own SMTP engine. This worm also encompasses rootkit functionality in order to cloak its presence on the system.
Worm.Feebs!sd5 Worm.Feebs!sd5 is a network-aware worm that attempts to replicate across the existing network.
Worm.Feebs!sd6 Worm.Feebs!sd6 is a network-aware worm that attempts to replicate across the existing network.
Its been deleted, so I hope its stays gone....
Thanks for the help though!!
|
|
|
