WORM_RATOS.A (photos_arc.exe)

The number of a mail with “photos_arc.exe” is increasing in JP.

Trend Micro named it “WORM_RATOS.A.”
They says, “this virus was reported in Japan, South Korea and the United States at 16th of Aug, 2004 (JST, GTM+9:00). Now, the virus behaviors are under our analysis.”

Mail Subject: “photos”
Body: “LOL!;))))”
Attachment: “photos_arc.exe”

Please take care.

It is just another mydoom… And it wouldn’t surprise me if Avast has the detection for it in the latest vps (434-0) already.

Some other vender call it W32/Mydoom.s@MM, W32.Mydoom.Q@mm and so on.
I have read VPS history. Is “Win32:Mydoom-Q [Wrm]” in VPS the same as WORM_RATOS.A ?

yes. Mydoom-Q in Avast is the same as ratos.A in Trend. Trend is using a wrong name.

Eddy, thank you very much for the good news !
I will sleep well tonight.

It is usual, but how fast the response to the virus is !
Thank you very much.

You can use VGrep to see what names for a virus are used by different vendors. It is not always up-to-date with the latest info, but it is better than nothing.

Thank you very much. This database is so nice !
The up-to-date may not be just in time, but I like this tool.
Thank you very much. :wink: