Mailing List Archive

Update (daily: 80)
ClamAV database updated (2004.01.10 03:00 GMT): daily.cvd, viruses.db2
Version: 80

Submission: 447-web
Sender: Eyvind Hult
Virus: W32/Gaobot.worm.gen.d
Added: No. The same file as in 441-web. Processed in "daily 77".

Submission: 473-web
Sender: dabfus
Virus: suspect
Added: Not yet. Must be verified.

Submission: 474-web
Sender: Trog
Virus: Stoned.PC-AT.f
Alias: Evil Empire #4 (Hbedv), Evil Empire-f (Sophos), Empire (Drweb)
Added: Evil_Empire_4

Submission: 477-web
Sender: Trog
Virus: SillyC.223.c
Virus: SillyC.241.c
Alias: DOS/SillyC.223.C (Hbedv), SillyC-223C (Sophos), Cybertech.223 (Drweb)
Alias: DOS/SillyC.241.c (Hbedv), Trivial-241b (Sophos), SillyC.241 (Drweb)
Added: SillyC.223.C
Added: SillyC.241.C
Note: 2 signatures submitted by the sender.

Submission: 478-web, 479-web
Sender: Dirk Meyer
Virus: W32/Sober.c@MM
Added: No. Worm.Sober.C1 found.

Submission: 480-web
Sender: Matthias Meyser
Virus: suspect
Added: No. Not a virus. Besides email addresses, only some binary data.

Submission: 481-web
Sender: Edward
Virus: Win32.HLLM.Bugbear.2
Added: No. Worm.BugBear.B found.

Submission: 482-web
Sender: Edward
Virus: Win32.HLLM.Yaha.64000
Added: No. W32/Yaha.g.dam found.

Submission: 483-web
Sender: Edward
Virus: Win32.HLLM.Reteras
Added: No. Worm.Sobig.E found.

Submission: 484-web
Sender: Edward
Virus: Win98.Vecna.25088
Added: No. W98/Hybris.E found.

Submission: 485-web
Sender: Alistair Phipps
Virus: VBS.Inor
Alias: TR/Inor.U (Hbedv), VBS/Suzer-B (Sophos), Trojan.Inor (Drweb)
Added: Trojan.VBS.Inor.U

Submission: 486-web
Sender: Gino Paletta
Virus: Downloader.SMALL.bg
Alias: TR/Small.AR (Hbedv), Trojan.PWS.LDPinch (Drweb)
Added: Trojan.Small.AR

Submission: 501-web
Sender: Trog
Virus: Elf.2647
Alias: Elf.dropper.2647 (Drweb)
Added: Elf.2647

Submission: 502-web
Sender: Heinz Ulrich Stille
Virus: Exploit.IFrame.Gen, suspect binary
Added: No. Exploit.IFrame.Gen and Worm.Gibe.F found.

Submission: 503-web
Sender: Gino Paletta
Virus: TROJ_ESEPOR.B
Added: No. Trojan.Esepor.B found.
Note: You sent the same file in 469-web.

Submission: 504-web
Sender: Gino Paletta
Virus: TROJ_DELF.AB
Added: No. Trojan.Delf.AB found.
Note: You sent the same file in 468-web.

Submission: 505-web, 507-web
Sender: Johannes Lyttbacka, Patrick Andry
Virus: TROJ_XOMBE.A (Trend)
Alias: TR/DL906e (Hbedv), Xombe (F-Secure), Troj/Dloader-L (Sophos)
Added: No. Dropper.Agobot.X1 found in the attachment.

Submission: 506-web
Sender: Roman Veretelnikov
Virus: unknown
Alias: Win32.HLLM.Dumaru (Drweb)
Added: Trojan.Yandex

--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
tomek@lodz.tpsa.pl http://www.lodz.tpsa.pl/ | ones and zeros.
tomek@clamav.net http://www.ClamAV.net/ A GPL virus scanner
Re: Update (daily: 80) [ In reply to ]
ClamAV database updated (2004.01.16 02:22 GMT): daily.cvd, viruses.db2
Version: 87

Submission: 547-web
Sender: Farit
Virus: I-Worm.Roron.497 (Kaspersky)
Alias: Worm/Roron.497.C (Hbedv), W32/Oror-J (Sophos), Win32.HLLM.RoRo (Drweb)
Added: Worm.Roro.J

Submission: 550-web
Sender: Trog
Virus: 3 viruses from IVP family
Added: IVP.Birgit.226
Added: IVP.RedPlague.1615
Added: IVP.Rotgrub

Submission: 553-web
Sender: Trog
Virus: 2 Mini viruses
Note: 2 signatures from Trog
Alias: Trivial-62b, Junk/Mini-75c (Sophos), SillyC.75.A (F-prot),
Added: DOS.Mini.62
Added: DOS.Mini.75.C

Submission: 555-web
Sender: Trog
Virus: 39 viruses
Note: 39 signatures from Trog, some were modified.
Added: Airwalker.300
Added: Airwalker.303
Added: Airwalker.384
Added: Airwalker.385
Added: Airwalker.386
Added: Australian.1033.2
Added: Australian.1035.2
Added: Australian.1149.2
Added: BugHunter.295
Added: BugHunter.302
Added: BugHunter.355
Added: BugHunter.359
Added: BugHunter.360
Added: BugHunter.364
Added: Dauq.1537.2
Added: Dauq.2465.2
Added: Insert.282
Added: Insert.622
Added: Leen.636
Added: Leen.782
Added: OneHalf.3482
Added: OneHalf.3544.A.3
Added: OneHalf.3577.2
Added: Rainbow.1910
Added: Rainbow.2337
Added: Unix.Corona.A
Added: Unix.Corona.B
Added: Unix.Gobleen.G
Added: Unix.Gobleen.I
Added: Unix.Klizan.A
Added: Unix.Macman
Added: Unix.Owr.A
Added: Unix.Owr.C
Added: Unix.PSite.2
Added: Unix.Tail.B
Added: Uruguay.2379.2
Added: Uruguay.2456.2
Added: Uruguay.4879.2
Added: Uruguay.6344

Submission: 556-web
Sender: Trog
Virus: 13 viruses
Note: 13 signatures from Trog, some were modified.
Added: SillyO.286
Added: SillyO.498
Added: SillyO.587.A
Added: SillyOC.104
Added: SillyOC.134
Added: SillyOC.152
Added: SillyOC.256
Added: SillyOC.52.B
Added: SillyOC.72
Added: SillyOC.77
Added: SillyOC.80
Added: SillyRC.258.B
Added: SillyRC.261.2

Submission: 557-web
Sender: Trog
Virus: Worm.P2P.Sytro.e
Note: Signature from Trog
Alias: W32/Systro-E (Sophos), Worm/Sytro.E (Hbedv), Win32.HLLW.Sytro (Drweb)
Added: Worm.P2P.Sytro.E

Submission: 558-web
Sender: Trog
Virus: Worm.P2P.Sytro.f
Note: Signature from Trog
Alias: W32/Systro-F (Sophos), Worm/Sytro.F2 (Hbedv), Win32.HLLW.Sytro (Drweb)
Added: Worm.P2P.Sytro.F

Submission: 559-web
Sender: Trog
Virus: Worm.P2P.Sytro.h
Note: Signature from Trog
Alias: W32/Systro-H (Sophos), Worm/Sytro.H1 (Hbedv), Win32.HLLW.Sytro (Drweb)
Added: Worm.P2P.Sytro.H

Submission: 560-web
Sender: Trog
Virus: Worm.P2P.Sytro.n
Note: Signature from Trog
Alias: W32/Systro-N (Sophos), Worm/Sytro.P2P.N (Hbedv), Win32.HLLW.Sytro (Drweb)
Added: Worm.P2P.Sytro.N

Submission: 561-web
Sender: Trog
Virus: Worm.P2P.Sytro.u
Alias: W32/Systro-U (Sophos), Worm/Sytro.P2P.U (Hbedv), Win32.HLLW.Sytro (Drweb)
Added: Worm.P2P.Sytro.U

Submission: 562-web
Sender: Trog
Virus: 11 P2P Worms
Note: Signatures from Trog, some were modified.
Added: Worm.P2P.Cdilla
Added: Worm.P2P.Bat.Bush
Added: Worm.P2P.Bare.C
Added: Worm.P2P.VBS.Herpes
Added: Worm.P2P.HPWG.A
Added: Worm.VBS.BatzBack.B.3
Added: Worm.P2P.Sambud.C
Added: Worm.P2P.Spear.J
Added: Worm.P2P.Zaka.A
Added: Worm.P2P.Zaka.C
Added: Worm.P2P.Zaka.D

Submission: 563-web
Sender: Trog
Virus: Word.Netres.[d.e.f.g]
Note: Signatures from Trog
Added: Worm.Netres.D
Added: Worm.Netres.E
Added: Worm.Netres.F
Added: Worm.Netres.G

Submission: 564-web
Sender: Trog
Virus: 11 various worms
Note: Signatures from Trog, a few were modified.
Added: Worm.FreeBSD.Scalper.D
Added: Worm.Linux.Ramen.C
Added: Worm.Bat.MenLogon
Added: Worm.Netres.C
Added: Worm.Shorm.100.A
Added: Worm.Shorm.100.B
Added: Worm.Shorm.100.C
Added: Worm.SQL.Spida.A
Added: Worm.W32.AimVen
Added: Worm.W32.Nautical-cli
Added: Worm.W32.Opasoft.D.2

Submission: 565-web
Sender: Patrizio Bruno
Virus: Worm.BugBear.B
Added: No. Worm.BugBear.B found.

Submission: n/a, 566-web
Sender: Xavier Poinsard
Virus: false positive of Constructor.Dos.DBCK
Virus: false positive of HLLC.GodSquad
Virus: false positive of HLLO.C-Virus.4096
Added: n/a. False signatures will be removed soon.

Submission: 567-web
Sender: Serge Negodyuck
Virus: BackDoor.AntiLame.20
Added: No. Trojan.Antilam.20b found.

Submission: 569-web
Sender: patrick
Virus: W32/Sober.c@MM virus
Added: No. Worm.Sober.C1 found.

Submission: 570-web
Sender: Christoph
Virus: Trojan.Win32.SomeTrouble
Note: Signatures from Christoph
Alias: Trojan.Sometr (Drweb)
Added: Trojan.Sometrouble-dll
Added: Trojan.Sometrouble-edit

Submission: 571-web
Sender: Christoph
Virus: Worm.P2P.Surnova.d
Virus: Worm.P2P.SpyBot.gen
Note: Signatures from Christoph
Alias: Worm/Surnova.D (Hbedv), W32/Surnova-D (Sophos), Win32.HLLW.Supernova.49152 (Drweb)
Alias: W32/Spybot-Fam (Sophos), Win32.HLLW.SpyBot (Drweb)
Added: Worm.P2P.Surnova.49152
Added: Worm.P2P.SpyBot.gen.2

Submission: 573-web
Sender: Christoph
Virus: Backdoor.Delf.if
Note: Signatures from Christoph
Alias: BackDoor.Elirt.10 (Drweb)
Added: Trojan.Delf.IF
Added: Trojan.Delf.IF-dll

Submission: 574-web
Sender: Dilip M
Virus: unknown
Added: No. It's only text part of a message. Sender contacted.

Submission: 575-web
Sender: Wolf
Virus: false positive of Win32.HLLW.Wargames
Added: n/a. False signature will be removed soon.

Submission: 577-web
Sender: Dennis Generaloff
Virus: unknown
Added: No. Empty file. Sender contacted. Resubmitted as 578-web; done.

Submission: 581-web
Sender: Wolf Schmidt
Virus: false positive of HLLO.4778
Added: n/a. False signature will be removed soon.

Submission: 582-web, 589-web
Sender: Wolf Schmidt
Virus: false positives of HLLC.GodSquad
Added: n/a. False signature will be removed soon.

Submission: 586-web
Sender: Martin Bork
Virus: i-worm.sober.c
Added: No. Worm.Sober.C1 found.

Submission: 590-web
Sender: Bernhard Schmidt
Virus: BDS/Hackarmy.I (Hbedv)
Alias: BackDoor.Hackamy (Drweb)
Added: Trojan.Hackarmy.I

Submission: 45-mail
Sender: root * mailservice.netopia.pt
Virus: unknown
Added: No. Worm.Sober.C1 found in the attachment.

Submission: 46-mail
Sender: Ron Hickman
Virus: suspect
Added: No. Worm.Gibe.F found (precisely: gif image present in damaged Worm.Gibe.F).

--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
tomek@lodz.tpsa.pl http://www.lodz.tpsa.pl/ | ones and zeros.
tomek@clamav.net http://www.ClamAV.net/ A GPL virus scanner