Trend Micro RUBotted alert!

Hi debbiemahler,

Thanks for your analysis, I will harness ABP in the appropriate manner, and keep an eye on the RequestPolicy add-on in my Firefox browser. Is there a specific vulnerability used there?
I have seen connections like 150.70.89.33 port 443…

polonus

Hi DavidR et al,

I finally found the culprit, it is:

File name: C:\Windows\MEMORY.DMP
Malware name: Win32:VB-gen2 [Wrm]
Type: Virus/Worm

Actually my sis found it first, and once she found it I knew I had it, but it has taken me till now to find it, running avast. So now I want to move it to the vault but can’t, as it says I don’t have enough disk space. I have 160 GB free.
Following is the description:

Malware type: Trojan

Aliases: Trojan-Downloader.Win32.VB.aod (Kaspersky), Trojan Horse (Symantec), TR/Dldr.VB.aod (Avira), Mal/Behav-225 (Sophos)

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 95, 98, ME, NT, 2000, XP

Encrypted: No

Overall risk rating: Low

Reported infections: Low

Damage potential: Medium

Distribution potential: Low

Description:

This Trojan downloads and executes the file, MSNMSG.EXE, into the root folder (usually C:) from the following link:

  http://www.zk{BLOCKED}c31.nl/spaw

Trend Micro detects this file as TSPY_BANCOS.AKI.

Tech details:
File type: PE

Memory resident: No

Size of malware: 29,384 Bytes (compressed); 33,792 Bytes (uncompressed)

Initial samples received on: Jun 19, 2005

Compression type: Petite

Related to: TSPY_BANCOS.AKI

I do know that RUBotted is BETA and unsupported by Trend Micro, but it looks like it did find this first!

Not sure what to do if I can’t move it to the vault; would I move it & then rename it for now?

nanajana

nanajana,

Memory.dmp is a redundant file created when your system crashes; at that point the contents of memory are dumped to that file, and if there happened to be a virus in memory, that too would end up in that file. Unless you have the tools and experience (or someone who does), this file is of little help to you. The longer it is since the creation of the file, even with the tools and experience, the less use it is.

It is a large file and would exceed the Program Settings > Chest > Maximum file size to send limit (which can be adjusted). So my suggestion is simply to delete it, as it is redundant, and in the event of a crash in the future the file would be recreated.

Hello DavidR,

Thanks again!! I’m learning a whole lot here so it can’t be all bad! ;D

Cheers,
Janice aka: nanajana

You’re welcome.