-
October 30th, 2004, 04:23 AM
#1
Registered User
NEW: Bagle-AU worm disables Windows XP SP2 firewall
Experts at Sophos have warned users that the new W32/Bagle-AU worm attempts to disable security software on infected Windows PCs.
"By turning off firewall protection and other security software the author of the latest incarnation of the Bagle worm is opening up computers to attack," said Graham Cluley, senior technology consultant for Sophos. "Increasingly virus writers are aiming to take over innocent people's computers in order to steal, spam or cause mischief."
Sophos notes that the W32/Bagle-AU worm is capable of turning off the firewall built into Microsoft's recent Windows XP Service Pack 2 update.
"Just because you are running the latest version of Windows XP you shouldn't think you are necessarily protected from this worm," continued Cluley. "If you launch it on a PC running Windows XP SP2 it can turn off your firewall opening the door to hackers and other internet attacks."
News source: Sophos
-
October 30th, 2004, 05:58 AM
#2
Thanks for posting details on this as I've just had a call...
-
October 30th, 2004, 07:06 AM
#3
Geezer
Originally Posted by TechZ
..Sophos notes that the W32/Bagle-AU worm is capable of turning off the firewall built into Microsoft's recent Windows XP Service Pack 2 update...
Sophos (as some will know) is my favourite pay-for 'anti-stuff', but the technical support Dudes I know there don't work weekends (or not to answer mails or calls) & I wanted to know if anyone had turned up just what gives you this & exactly what it's doing ..
All I can fathom is what TechZ's links to ( & ta for the 'heads up' from the Techz News channel ) & it's spread via an attachment in spurious mails ?
Opening any attachment from anyone you don't know is of course an exceptionally dumb idea, unless you are prepared for the potential consequences !
-
October 31st, 2004, 04:18 AM
#4
Registered User
thanks -ed, bookmarkmns, nice to see the NEWS channel is doing some good
As soon as I see a mail from someone I don't know, DELETE, I'd rather lose an email than have to rebuild a whole system or mess up precious files.
-
October 31st, 2004, 04:24 AM
#5
Registered User
Bagle Is Still Biting - McAfee's Antivirus Emergency Response Team spotted its first sample of Bagle.bb, one of the new variants, at 11:30 p.m. Thursday Pacific Coast Time. Since then, the company has received about 200 reports of the virus and intercepted two more variants, dubbed Bagle.bc and Bagle.bd, according to Vincent Gullotto, vice president of McAfee AVERT. McAfee rates Bagle.bb and Bagle.bd "medium" threats, based on the number of submissions they received for each, Gullotto said. The new variants are almost identical to each other, but use slightly different versions of a compression program, known as a packer, to shrink the size of the virus, creating a different profile or "signature" that can fool some antivirus programs, he said. Another article can be found at CNET. (download Win32/Bagle cleaner)
Let's hope this helps.
Z
-
November 11th, 2004, 01:46 AM
#6
Registered User
adding old HDD to new compy for old info...and viruses...Doh!
I went and did it this time...
my old compy's power supply failed, and I was unable to find a new PS, so I bought a new compy...now, months later, I want the old information off the old HDD. so, I add it on as a slave...
...something twitches in the back of my head...old viruses...
So, I begin a barrage of scanning tools, AVG, Trend Micro, Ad-Aware...
and, of course, the HDD is chock-full of the bagle virus. AVG shows as follows: I-worm/bagle.ab, I-worm/bagle.ac, Trojan Horse Proxy.4.ap, and Trojan Horse Downloader.keenval.b
mostly bagle.ab.
any help on how to remove these from the drive? I'm downloading norton 05 trialware (Gotta love full-functioning trialware...) and I'm gonna see if it will fully remove it.
AVG says that it has healed them, but they keep coming back. GRR! I know I can always wipe the drive, but I have good information...and also my Everquest game (with expansions) on that drive... ANY help would be AWESOME.
btw - I could not find the win.32/bagle cleaner on Tech-Z's posted link.
My specs: 900 MHz AMD T-Bird, Asus K7M Mobo., 256 MB RAM (two 128 MB Kingston SD PC-100), GeCube Radeon 9200 SE 128mb (drivers were impossible to find...still crashes because of them every now and then...I think it's them...), Sound Blaster Live! 5.1, new high-speed USB 2.0 card, dual 60 GB HDD's for the heck of it (NTFS), XP Pro SP 2, Mozilla Firefox ( Spread Firefox!), single-barrel carburetor, Saitek P2500 Rumbleforce, (Yes, the system is dated, but it fits my budget!) - Sockhatguy
-
November 11th, 2004, 04:08 AM
#7
Registered User
try this link http://www.nod32.ch/download/tools.stm
and get the standalone NOD32 executable from http://mirror.edskes.com/ to scan your machine with too.
-
November 11th, 2004, 04:57 AM
#8
Registered User
turns out I have netsky.p@mm!zip also...gah.
the old compy was pretty much a family junker...the compy we used for anything and everything. thanks for the links, I'll try them out!