Mailing List Archive

Update (daily: 87)
[. Sorry, this is the same announcement that I sent a few minutes ago but
this time with the proper subject. ]

ClamAV database updated (2004.01.16 02:22 GMT): daily.cvd, viruses.db2
Version: 87

Submission: 547-web
Sender: Farit
Virus: I-Worm.Roron.497 (Kaspersky)
Alias: Worm/Roron.497.C (Hbedv), W32/Oror-J (Sophos), Win32.HLLM.RoRo (Drweb)
Added: Worm.Roro.J

Submission: 550-web
Sender: Trog
Virus: 3 viruses from IVP family
Added: IVP.Birgit.226
Added: IVP.RedPlague.1615
Added: IVP.Rotgrub

Submission: 553-web
Sender: Trog
Virus: 2 Mini viruses
Note: 2 signatures from Trog
Alias: Trivial-62b, Junk/Mini-75c (Sophos), SillyC.75.A (F-prot),
Added: DOS.Mini.62
Added: DOS.Mini.75.C

Submission: 555-web
Sender: Trog
Virus: 39 viruses
Note: 39 signatures from Trog, some were modified.
Added: Airwalker.300
Added: Airwalker.303
Added: Airwalker.384
Added: Airwalker.385
Added: Airwalker.386
Added: Australian.1033.2
Added: Australian.1035.2
Added: Australian.1149.2
Added: BugHunter.295
Added: BugHunter.302
Added: BugHunter.355
Added: BugHunter.359
Added: BugHunter.360
Added: BugHunter.364
Added: Dauq.1537.2
Added: Dauq.2465.2
Added: Insert.282
Added: Insert.622
Added: Leen.636
Added: Leen.782
Added: OneHalf.3482
Added: OneHalf.3544.A.3
Added: OneHalf.3577.2
Added: Rainbow.1910
Added: Rainbow.2337
Added: Unix.Corona.A
Added: Unix.Corona.B
Added: Unix.Gobleen.G
Added: Unix.Gobleen.I
Added: Unix.Klizan.A
Added: Unix.Macman
Added: Unix.Owr.A
Added: Unix.Owr.C
Added: Unix.PSite.2
Added: Unix.Tail.B
Added: Uruguay.2379.2
Added: Uruguay.2456.2
Added: Uruguay.4879.2
Added: Uruguay.6344

Submission: 556-web
Sender: Trog
Virus: 13 viruses
Note: 13 signatures from Trog, some were modified.
Added: SillyO.286
Added: SillyO.498
Added: SillyO.587.A
Added: SillyOC.104
Added: SillyOC.134
Added: SillyOC.152
Added: SillyOC.256
Added: SillyOC.52.B
Added: SillyOC.72
Added: SillyOC.77
Added: SillyOC.80
Added: SillyRC.258.B
Added: SillyRC.261.2

Submission: 557-web
Sender: Trog
Virus: Worm.P2P.Sytro.e
Note: Signature from Trog
Alias: W32/Systro-E (Sophos), Worm/Sytro.E (Hbedv), Win32.HLLW.Sytro (Drweb)
Added: Worm.P2P.Sytro.E

Submission: 558-web
Sender: Trog
Virus: Worm.P2P.Sytro.f
Note: Signature from Trog
Alias: W32/Systro-F (Sophos), Worm/Sytro.F2 (Hbedv), Win32.HLLW.Sytro (Drweb)
Added: Worm.P2P.Sytro.F

Submission: 559-web
Sender: Trog
Virus: Worm.P2P.Sytro.h
Note: Signature from Trog
Alias: W32/Systro-H (Sophos), Worm/Sytro.H1 (Hbedv), Win32.HLLW.Sytro (Drweb)
Added: Worm.P2P.Sytro.H

Submission: 560-web
Sender: Trog
Virus: Worm.P2P.Sytro.n
Note: Signature from Trog
Alias: W32/Systro-N (Sophos), Worm/Sytro.P2P.N (Hbedv), Win32.HLLW.Sytro (Drweb)
Added: Worm.P2P.Sytro.N

Submission: 561-web
Sender: Trog
Virus: Worm.P2P.Sytro.u
Alias: W32/Systro-U (Sophos), Worm/Sytro.P2P.U (Hbedv), Win32.HLLW.Sytro (Drweb)
Added: Worm.P2P.Sytro.U

Submission: 562-web
Sender: Trog
Virus: 11 P2P Worms
Note: Signatures from Trog, some were modified.
Added: Worm.P2P.Cdilla
Added: Worm.P2P.Bat.Bush
Added: Worm.P2P.Bare.C
Added: Worm.P2P.VBS.Herpes
Added: Worm.P2P.HPWG.A
Added: Worm.VBS.BatzBack.B.3
Added: Worm.P2P.Sambud.C
Added: Worm.P2P.Spear.J
Added: Worm.P2P.Zaka.A
Added: Worm.P2P.Zaka.C
Added: Worm.P2P.Zaka.D

Submission: 563-web
Sender: Trog
Virus: Word.Netres.[d.e.f.g]
Note: Signatures from Trog
Added: Worm.Netres.D
Added: Worm.Netres.E
Added: Worm.Netres.F
Added: Worm.Netres.G

Submission: 564-web
Sender: Trog
Virus: 11 various worms
Note: Signatures from Trog, a few were modified.
Added: Worm.FreeBSD.Scalper.D
Added: Worm.Linux.Ramen.C
Added: Worm.Bat.MenLogon
Added: Worm.Netres.C
Added: Worm.Shorm.100.A
Added: Worm.Shorm.100.B
Added: Worm.Shorm.100.C
Added: Worm.SQL.Spida.A
Added: Worm.W32.AimVen
Added: Worm.W32.Nautical-cli
Added: Worm.W32.Opasoft.D.2

Submission: 565-web
Sender: Patrizio Bruno
Virus: Worm.BugBear.B
Added: No. Worm.BugBear.B found.

Submission: n/a, 566-web
Sender: Xavier Poinsard
Virus: false positive of Constructor.Dos.DBCK
Virus: false positive of HLLC.GodSquad
Virus: false positive of HLLO.C-Virus.4096
Added: n/a. False signatures will be removed soon.

Submission: 567-web
Sender: Serge Negodyuck
Virus: BackDoor.AntiLame.20
Added: No. Trojan.Antilam.20b found.

Submission: 569-web
Sender: patrick
Virus: W32/Sober.c@MM virus
Added: No. Worm.Sober.C1 found.

Submission: 570-web
Sender: Christoph
Virus: Trojan.Win32.SomeTrouble
Note: Signatures from Christoph
Alias: Trojan.Sometr (Drweb)
Added: Trojan.Sometrouble-dll
Added: Trojan.Sometrouble-edit

Submission: 571-web
Sender: Christoph
Virus: Worm.P2P.Surnova.d
Virus: Worm.P2P.SpyBot.gen
Note: Signatures from Christoph
Alias: Worm/Surnova.D (Hbedv), W32/Surnova-D (Sophos), Win32.HLLW.Supernova.49152 (Drweb)
Alias: W32/Spybot-Fam (Sophos), Win32.HLLW.SpyBot (Drweb)
Added: Worm.P2P.Surnova.49152
Added: Worm.P2P.SpyBot.gen.2

Submission: 573-web
Sender: Christoph
Virus: Backdoor.Delf.if
Note: Signatures from Christoph
Alias: BackDoor.Elirt.10 (Drweb)
Added: Trojan.Delf.IF
Added: Trojan.Delf.IF-dll

Submission: 574-web
Sender: Dilip M
Virus: unknown
Added: No. It's only text part of a message. Sender contacted.

Submission: 575-web
Sender: Wolf
Virus: false positive of Win32.HLLW.Wargames
Added: n/a. False signature will be removed soon.

Submission: 577-web
Sender: Dennis Generaloff
Virus: unknown
Added: No. Empty file. Sender contacted. Resubmitted as 578-web; done.

Submission: 581-web
Sender: Wolf Schmidt
Virus: false positive of HLLO.4778
Added: n/a. False signature will be removed soon.

Submission: 582-web, 589-web
Sender: Wolf Schmidt
Virus: false positives of HLLC.GodSquad
Added: n/a. False signature will be removed soon.

Submission: 586-web
Sender: Martin Bork
Virus: i-worm.sober.c
Added: No. Worm.Sober.C1 found.

Submission: 590-web
Sender: Bernhard Schmidt
Virus: BDS/Hackarmy.I (Hbedv)
Alias: BackDoor.Hackamy (Drweb)
Added: Trojan.Hackarmy.I

Submission: 45-mail
Sender: root * mailservice.netopia.pt
Virus: unknown
Added: No. Worm.Sober.C1 found in the attachment.

Submission: 46-mail
Sender: Ron Hickman
Virus: suspect
Added: No. Worm.Gibe.F found (precisely: gif image present in damaged Worm.Gibe.F).

--
Tomasz Papszun SysAdm @ TP S.A. Lodz, Poland | And it's only
tomek@lodz.tpsa.pl http://www.lodz.tpsa.pl/ | ones and zeros.
tomek@clamav.net http://www.ClamAV.net/ A GPL virus scanner