New Virus?? [Archive] - FreeConservatives


dajoga
09-02-2004, 10:18 AM
My eTrust AV just detected a virus in one of my emails--don't know if it's new or it finally got to me--details:

From: "Rod Koehler" <Watsonepf@nparsons.netlineuk.net
Subject: Fw: submissions end september 8th-Sun, 29 Aug 2004 13:59:16-0300
Virus name: JS.Suzer!downloader
Details: Message Part-JS.Suzer! downloader trojan, Removed

I guess that last line is just my AV telling me it's gone. eTrust "strongly" recommended a scan which I did, but nothing came up. There were 86 files it couldn't scan--what are they and why?

What's curious is that my ISP caught 10 emails with a virus but not this one, and I don't remember this 'sender' when I filtered emails to my inbox and deleted those I didn't want. Maybe I just missed it or is it b/c it's a trojan; that it came with one I did send to my inbox. If so, how can I tell which email it rode in on?

Anyone else get this one?

JS.Suzer!--Suzie did you start this?? LOL

nosferatuscoffin
09-02-2004, 11:34 AM
As found on CA's site:
*************************
VBS.Suzer is a family of trojans that attempt to exploit vulnerabilities in Internet Explorer to install other trojans.

A Suzer trojan is usually found on a web page, which attempts to drop a trojan file onto the local disk and then execute it. To do this, the trojan exploits an object tag vulnerability in Internet Explorer. For more information, please visit:

http://www.microsoft.com/technet/security/bulletin/ms03-040.asp

If successful, the trojan may run a .VBS file (e.g. "q.vbs") as well as an executable (.EXE) file. Some variants download another .EXE file from a remote location. The program that is downloaded by VBS.Suzer varies; samples observed by Computer Associates include the trojans Win32.DKS, Win32.Reign.A, Win32.Myss.Q and Win32.Cadejar.

Often Suzer will also attempt to kill processes related to anti-virus software.
*************************

You should be fine. This is a very recent derivative of the Suzer (Suzie (!)) trojans. It was first reported on August 30 and E-Trust has already updated their definitions and taken care of that. The reason the ISP did not catch it is that most ISPs use Norton for mail scanning and Norton is generally slower to update their definitions than CA is.

The 86 files that could not be scanned are system files that were already open, so they would not be able to be scanned as that would be an illegal file access. However, I would not worry about it as EZ-AV has already taken care of it. To be on the safe side, you could boot your PC in Safe Mode and run another scan.
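
An added example, not part of either post above: one way to work out which saved message carried an HTML part like the one the CA description mentions is to walk each message's MIME parts and list any `<object>` elements together with the sender and subject. Treating the mere presence of an `<object>` element as worth a look is an assumption made for triage, not a signature for Suzer; the function names and both sample messages are constructed for illustration.

```python
import email
from email import policy
from html.parser import HTMLParser


class ObjectTagFinder(HTMLParser):
    """Collects the data/codebase target of every <object> element seen."""

    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag == "object":  # HTMLParser lowercases tag and attribute names
            a = dict(attrs)
            self.hits.append(a.get("data") or a.get("codebase") or "")


def find_object_tags(raw_message: bytes):
    """Return (sender, subject, [object targets]) for one RFC 822 message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    finder = ObjectTagFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return str(msg["From"]), str(msg["Subject"]), finder.hits


def suspicious(raw_messages):
    """Return only the messages containing at least one <object> element."""
    results = [find_object_tags(raw) for raw in raw_messages]
    return [r for r in results if r[2]]


# Constructed sample messages (not taken from the thread).
HEADERS = b"MIME-Version: 1.0\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
SAMPLE_CLEAN = (b"From: alice@example.org\r\nSubject: lunch\r\n" + HEADERS +
                b"<html><body><p>See you at noon.</p></body></html>\r\n")
SAMPLE_FLAGGED = (b"From: sender@example.net\r\nSubject: Fw: submissions\r\n" +
                  HEADERS +
                  b'<html><body><OBJECT DATA="http://example.invalid/page">'
                  b"</OBJECT></body></html>\r\n")

if __name__ == "__main__":
    for sender, subject, targets in suspicious([SAMPLE_CLEAN, SAMPLE_FLAGGED]):
        print(f"{sender} | {subject} | object targets: {targets}")
```
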