Re: My Shark has a virus!

From: Bill Verzal (BVerzal@KOMATSUNA.COM)
Date: Thu Aug 21 2003 - 16:10:31 EDT

• Next message: Wilson, Jeff: "Re: My Shark has a virus!"
• Previous message: Patrick B. O'Brien: "Listserve and AIX"
• Maybe in reply to: Bill Verzal: "My Shark has a virus!"
• Next in thread: Wilson, Jeff: "Re: My Shark has a virus!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

The NT version of the ESS PC has and IBM 3151 emulator on it (NetTerm).
How is that different ?

BV
--------------------------------------------------------

Bill Verzal
AIX Administrator, Komatsu America
(847) 970-3726 - direct
(847) 970-4184 - fax

|---------+---------------------------->
| | "Wilson, Jeff" |
| | <Jeff.Wilson@GWL.|
| | COM> |
| | Sent by: IBM AIX |
| | Discussion List |
| | <aix-l@Princeton.|
| | EDU> |
| | |
| | |
| | 08/21/2003 02:48 |
| | PM |
| | Please respond to|
| | IBM AIX |
| | Discussion List |
| | |
|---------+---------------------------->
>-------------------------------------------------------------------------------------------------------------------------------|
  | |
  | To: aix-l@Princeton.EDU |
  | cc: |
  | Subject: Re: My Shark has a virus! |
>-------------------------------------------------------------------------------------------------------------------------------|

My IBM reseller ordered it for me and then the CE will install it. They
have to upgrade your ram and I think the modem. Or I think you can call
you
IBM rep and they can order it for you. It was all free. It is really cool
because you can open a terminal window to your shark with out hooking your
laptop to the serial port on the shark.

Jeff Wilson
303-737-5399

-----Original Message-----
From: Bill Verzal [mailto:BVerzal@KOMATSUNA.COM]
Sent: Thursday, August 21, 2003 1:00 PM
To: aix-l@Princeton.EDU
Subject: Re: My Shark has a virus!

How did you get the Linux version ?

BV
--------------------------------------------------------

Bill Verzal
AIX Administrator, Komatsu America
(847) 970-3726 - direct
(847) 970-4184 - fax

|---------+---------------------------->
| | "Wilson, Jeff" |
| | <Jeff.Wilson@GWL.|
| | COM> |
| | Sent by: IBM AIX |
| | Discussion List |
| | <aix-l@Princeton.|
| | EDU> |
| | |
| | |
| | 08/19/2003 01:54 |
| | PM |
| | Please respond to|
| | IBM AIX |
| | Discussion List |
| | |
|---------+---------------------------->

>
---------------------------------------------------------------------------
----------------------------------------------------|
  |
|
  | To: aix-l@Princeton.EDU
|
  | cc:
|
  | Subject: Re: My Shark has a virus!
|

>
---------------------------------------------------------------------------
----------------------------------------------------|

You might think about upgrading to the Linux version we did it about a year
ago it works great. It was free.

Jeff Wilson
303-737-5399

-----Original Message-----
From: Bill Verzal [mailto:BVerzal@KOMATSUNA.COM]
Sent: Tuesday, August 19, 2003 12:22 PM
To: aix-l@Princeton.EDU
Subject: Re: My Shark has a virus!

Yup - the PC came from IBM pre-loaded with NT 4. Here is the results of a
McAfee "Stinger" run...

McAfee AVERT Stinger Version 1.8.3 built on Aug 18 2003
Copyright (C) 2001-2002 Networks Associates Technology, Inc. All Rights
Reserved.
Virus data file v1000 created on Aug 18 2003.
Ready to scan for 28 viruses, trojans and variants.

Scan initiated on Tue Aug 19 11:24:28 2003

c:\WINNT40\system32\NetServices.exe
     Found the W32/Lovgate.f@M virus !!!

c:\WINNT40\system32\NetServices.exe has been deleted.
c:\WINNT40\system32\WinDriver.exe
     Found the W32/Lovgate.f@M virus !!!
c:\WINNT40\system32\WinDriver.exe has been deleted.
c:\WINNT40\system32\winrpc.exe
     Found the W32/Lovgate.f@M virus !!!
c:\WINNT40\system32\winrpc.exe has been deleted.
c:\WINNT40\system32\WinGate.exe
     Found the W32/Lovgate.f@M virus !!!
c:\WINNT40\system32\WinGate.exe has been deleted.
c:\WINNT40\system32\RAVMOND.exe
     Found the W32/Lovgate.f@M virus !!!
c:\WINNT40\system32\RAVMOND.exe has been deleted.
c:\WINNT40\system32\ily668.dll
     Found the BackDoor-AQJ trojan !!!
c:\WINNT40\system32\ily668.dll has been deleted.
c:\WINNT40\system32\Task688.dll
     Found the BackDoor-AQJ trojan !!!
c:\WINNT40\system32\Task688.dll has been deleted.
c:\WINNT40\system32\reg678.dll
     Found the BackDoor-AQJ trojan !!!
c:\WINNT40\system32\reg678.dll has been deleted.
c:\WINNT40\system32\kernel66.dll
     Found the W32/Lovgate.f@M virus !!!
c:\WINNT40\system32\kernel66.dll has been deleted.
c:\WINNT40\system32\WinHelp.exe
     Found the W32/Lovgate.f@M virus !!!
c:\WINNT40\system32\WinHelp.exe has been deleted.
c:\Program Files\Netscape\Communicator\Program\100 free essays school.pif
     Found the W32/Lovgate.f@M virus !!!
c:\Program Files\Netscape\Communicator\Program\100 free essays school.pif
has been deleted.
c:\Program Files\Netscape\Communicator\Program\MSN Password Hacker and
Stealer.exe
     Found the W32/Lovgate.f@M virus !!!
c:\Program Files\Netscape\Communicator\Program\MSN Password Hacker and
Stealer.exe has been deleted.
c:\Program Files\Netscape\Communicator\Program\Age of empires 2 crack.exe
     Found the W32/Lovgate.f@M virus !!!
c:\Program Files\Netscape\Communicator\Program\Age of empires 2 crack.exe
has been deleted.
c:\Program Files\Netscape\Communicator\Program\SIMS FullDownloader.zip.exe
     Found the W32/Lovgate.f@M virus !!!
c:\Program Files\Netscape\Communicator\Program\SIMS FullDownloader.zip.exe
has been deleted.
c:\Program Files\Netscape\Communicator\Program\MoviezChannelsInstaler.exe
     Found the W32/Lovgate.f@M virus !!!
c:\Program Files\Netscape\Communicator\Program\MoviezChannelsInstaler.exe
has been deleted.
c:\Program Files\Netscape\Communicator\Program\Star Wars II Movie Full
Downloader.exe
     Found the W32/Lovgate.f@M virus !!!
c:\Program Files\Netscape\Communicator\Program\Star Wars II Movie Full
Downloader.exe has been deleted.
c:\Program Files\Netscape\Communicator\Program\How To Hack Websites.exe
     Found the W32/Lovgate.f@M virus !!!
c:\Program Files\Netscape\Communicator\Program\How To Hack Websites.exe has
been deleted.
c:\Program Files\Netscape\Communicator\Program\Mafia Trainer!!!.exe
     Found the W32/Lovgate.f@M virus !!!
c:\Program Files\Netscape\Communicator\Program\Mafia Trainer!!!.exe has
been deleted.
c:\Program Files\Netscape\Communicator\Program\AN-YOU-SUCK-IT.txt.pif
     Found the W32/Lovgate.f@M virus !!!
c:\Program Files\Netscape\Communicator\Program\AN-YOU-SUCK-IT.txt.pif has
been deleted.
c:\Program Files\Netscape\Communicator\Program\Sex_For_You_Life.JPG.pif
     Found the W32/Lovgate.f@M virus !!!
c:\Program Files\Netscape\Communicator\Program\Sex_For_You_Life.JPG.pif has
been deleted.
c:\Program Files\Netscape\Communicator\Program\CloneCD + crack.exe
     Found the W32/Lovgate.f@M virus !!!
c:\Program Files\Netscape\Communicator\Program\CloneCD + crack.exe has been
deleted.
c:\Program Files\Netscape\Communicator\Program\Are you looking for
Love.doc.exe
     Found the W32/Lovgate.f@M virus !!!
c:\Program Files\Netscape\Communicator\Program\Are you looking for
Love.doc.exe has been deleted.
c:\Program Files\Netscape\Communicator\Program\autoexec.bat
     Found the W32/Lovgate.f@M virus !!!
c:\Program Files\Netscape\Communicator\Program\autoexec.bat has been
deleted.
c:\Program Files\Netscape\Communicator\Program\The world of lovers.txt.exe
     Found the W32/Lovgate.f@M virus !!!
c:\Program Files\Netscape\Communicator\Program\The world of lovers.txt.exe
has been deleted.
c:\Program Files\Netscape\Communicator\Program\Panda Titanium Crack.zip.exe
     Found the W32/Lovgate.f@M virus !!!
c:\Program Files\Netscape\Communicator\Program\Panda Titanium Crack.zip.exe
has been deleted.
c:\Program Files\Netscape\Communicator\Program\Winrar + crack.exe
     Found the W32/Lovgate.f@M virus !!!
c:\Program Files\Netscape\Communicator\Program\Winrar + crack.exe has been
deleted.

  Number of clean files: 20390
  Number of infected files: 23
  Number of Trojans: 3
  Number of files deleted: 26

BV

--------------------------------------------------------

Bill Verzal
AIX Administrator, Komatsu America
(847) 970-3726 - direct
(847) 970-4184 - fax

|---------+---------------------------->
| | "Wilson, Jeff" |
| | <Jeff.Wilson@GWL.|
| | COM> |
| | Sent by: IBM AIX |
| | Discussion List |
| | <aix-l@Princeton.|
| | EDU> |
| | |
| | |
| | 08/19/2003 01:04 |
| | PM |
| | Please respond to|
| | IBM AIX |
| | Discussion List |
| | |
|---------+---------------------------->

>
---------------------------------------------------------------------------
----------------------------------------------------|
  |
|
  | To: aix-l@Princeton.EDU
|
  | cc:
|
  | Subject: Re: My Shark has a virus!
|

>
---------------------------------------------------------------------------
----------------------------------------------------|

Are you running NT for the storage manager?

Jeff Wilson
303-737-5399

-----Original Message-----
From: Bill Verzal [mailto:BVerzal@KOMATSUNA.COM]
Sent: Tuesday, August 19, 2003 10:38 AM
To: aix-l@Princeton.EDU
Subject: My Shark has a virus!

Hey all - here is a little reminder for ya.

My ESS control PC became infected with the LovSan virus. As we fought off
this bug enterprise wide, this PC escaped our mind as a vulnerability
because we hardly ever use it.

Check your's out if you haven't.

BV
--------------------------------------------------------

Bill Verzal
AIX Administrator, Komatsu America
(847) 970-3726 - direct
(847) 970-4184 - fax

• Next message: Wilson, Jeff: "Re: My Shark has a virus!"
• Previous message: Patrick B. O'Brien: "Listserve and AIX"
• Maybe in reply to: Bill Verzal: "My Shark has a virus!"
• Next in thread: Wilson, Jeff: "Re: My Shark has a virus!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 22:17:09 EDT