My Company's Chinese operation started having trouble with slow computers. They found a process winmon.exe running that hadn't been there before. Neither McAfee's Stinger or Virus Scan enterprise identified it as a virus. Adaware didn't identify it as Spyware.
I got a sample and sent in to McAfee and they came back this morning with an extra.dat and a message that it's another varient of W32/GAOBOT.WORM.GEN. I've deployed the extra dat and hopefully they'll pick it up tonight and get everything cleaned up.
We saw lot's of port 135 traffic bouncing off the firewall (from the inside) last night. The A/V people have had a lot of trouble tracking this virus. The story is that theres some outlaw website somewhere where the writer posted the source code. Every would be virus writer and their do is having a go at it.
I got a sample and sent in to McAfee and they came back this morning with an extra.dat and a message that it's another varient of W32/GAOBOT.WORM.GEN. I've deployed the extra dat and hopefully they'll pick it up tonight and get everything cleaned up.
We saw lot's of port 135 traffic bouncing off the firewall (from the inside) last night. The A/V people have had a lot of trouble tracking this virus. The story is that theres some outlaw website somewhere where the writer posted the source code. Every would be virus writer and their do is having a go at it.