[JA] UPDATE on mail attachment from Netherlands

• From: bob.in.jersey@xxxxxxxx
• To: juno_accmail@xxxxxxxxxxxxx
• Date: Thu, 3 Oct 2002 13:27:19 EDT

It was "W32/Bugbear.A@mm", according to F-Prot.

http://www3.ca.com/virusinfo/Virus.asp?ID=13233

Still, must have been a variant, because the attach's base name wasn't in
the list there.  It was "pacha".

It instilled itself in a DLL file, c:\windows\system\zaallpq.dll,
which allowed it to spook ZoneAlarm and create the two .exe files
described earlier.  Two things the .exe's did were to shutdown
ZoneAlarm straightaway it opened (altho not corrupt or disable it,
tho I reinstalled it =chust= in case...), and to spook our domain-
name-system (not sure how it did that, since that's handled
dynamically by Juno) so we couldn't surf anywhere, even though we
could still start and log onto Juno.


-- 
BOB



To unsubscribe, send a message to ecartis@xxxxxxxxxxxxx with
"unsubscribe juno_accmail" in the body or subject.
OR visit //freelists.org
~*~

Other related posts:

• » [JA] UPDATE on mail attachment from Netherlands
• » [JA] Re: UPDATE on mail attachment from Netherlands
• » [JA] Re: UPDATE on mail attachment from Netherlands
• » [JA] Re: UPDATE on mail attachment from Netherlands

1. Home
2. juno_accmail
3. Archive
4. 10-2002

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---