Help With I-worm/bofra

The malware is equipped with a backdoor routine that can be controlled via IRC channels. Installation: When launched, the worm copies itself to the \Windows\System folder under a random name (which always ends with

The format of the link is https://[infected host ip]:port/[file_to_download]. Bofra.A, running on the infected host, has a stripped-down web server listening on TCP ports starting from 1638 (0x666).

Presence of value: 32.exe in either of the following registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Windows Defender detects and removes this threat. Win32/Bofra is a mass-mailing worm that can infect computers running Microsoft Windows.

Threat behavior: When Win32/Bofra runs, it deletes values from the registry that may cause certain other malicious software to run automatically each time Windows starts.

The worm then terminates immediately if the system time is after December 15, 2004, 02:28:57.

This is the first time my PC has been infected with a worm and I am seriously worried.

Removal: Automatic action. Depending on the settings of your F-Secure security product, it will either automatically delete, quarantine or rename the suspect file, or ask you for a desired action.

Symptoms: The following can indicate that you have this threat

Although I would DISABLE SYSTEM RESTORE, run your antivirus, and when you get the all clear restart your system restore.

Attachment: infected messages do not have any attachment.

Look at my homepage with my last webcam photos!

Technical Details: The worm's body is a Windows PE executable file compressed with the MEW executable compressor and patched with the PE_Patch utility. http://www.f-secure.com/v-descs/bofra_a.shtml

#1, 21-11-04, 20:36, oldfield: I-worm/Bofra. Hi, I have just removed a virus called

The worm also connects to an IRC server to receive commands from attackers. SIGN UP NOW! Bofra-B uses the same techniques in an email which poses as an order confirmation from PayPal.

mydomai no nobody nodomai noone not nothing ntivi page panda pgp postmaster privacy rating rfc-ed ripe.

If that fails, the worm attempts to copy itself to the user’s temporary directory.

Infected PCs establish an IRC session on port 6667/TCP with a variety of public IRC servers, allowing hackers to control compromised machines. The sender of the emails is spoofed and the content is randomly chosen from the following components. Email subjects: "funny photos :)", "hello", "hey!".

According to anti-virus firm F-Secure, there's only a 49 per cent correlation between the two groups of malware.

root ruslis samples secur sendmail service site soft somebody someone sopho submit support syma tanford.e the.bat unix usenet utgers.ed webmaster you your

To send infected e-mail messages, the worm uses direct

isi.e isc.o secur acketst pgp tanford.e utgers.ed mozilla root info samples postmaster webmaster noone nobody nothing anyone someone your you me bugs rating site contact soft no somebody privacy service help

This link has the following form: http://(IP address of the computer hosting the infected file):(port number)/(file name). The worm opens TCP port 1639 or higher, which allows the file to be downloaded.

avp berkeley borlan bsd bugs ca certific contact example feste fido foo.

It sends a copy of itself to any user who connects to the server and requests a URL containing a certain string.

The risk of letting malware execute: If a solution is always blindly logging everything, it is merely preparing for an eventual recovery from a breach, not actually trying to stop it.

Sends e-mail to variations of e-mail addresses that the worm finds on the infected computer.

More information on the exploit is available from US CERT here.

or Look at my homepage with my last webcam photos!

Message body (chosen from the following options): FREE ADULT VIDEO!

The worm sends a copy of itself to any user who connects to this server and requests a URL containing the string "reactor".

Characteristics of infected e-mail messages. Sender address (chosen from the following options): adam alex alice andrew anna bill bob brenda brent brian claudia dan dave david debby fred george helen jack james jane

As it promised last week, Microsoft yesterday issued a patch for its Microsoft Internet Security and Acceleration Server 2000 (ISA Server) and Microsoft Proxy Server 2.0 software, designed to fix an

Detection: Detection for Bofra.A was published on November 10th, 2004 in the following F-Secure Anti-Virus update: Detection Type: PC, Database: 2004-11-10_03. Technical Details: Gergely Erdelyi and Alexey Podrezov, November 10th, 2004

The worm only sends the link which points to the infected host.

I-Worm.Bofra.a: This is a worm that spreads over the Internet via e-mail messages.

Unlike standard bulk-mailing worms, Bofra does not send copies of itself within infected email but an HTTP link that points to the host that sent the infected email.

Unlike regular mass-mailing worms, Bofra.A does not send itself in the emails, only an HTTP link that points to the host that sent the infected email.