Received the following email today... Unable to find anything about this on the web, inc. McAfee, Sophos etc., so if anyone can shed any light on the following, please?
Many Thanks
We have 2 clients who have reported serious problems which are pointing towards a brand new virus.
Here are the symptoms so far:
1) The virus removed the registry sub keys under HKLM\Systems\CurrentControlSet\Control\Safeboot
The removal of these keys prevents booting into safe mode.
2) The virus deletes the Sophos executables
3) The virus generates traffic to and alpha.bashtel.ru
4) Accessing antivirus websites such as is disabled through IE and Firefox
5) Opening a text file with e.g. written in it hangs notepad
One of the clients has also identified a possible culprit which looks like part of the virus, but it is detected as clean when using McAfee and other AV products. The file is wmdrtc32.dll (and/or wmdrtc32.dl_) and is located in c:\windows\system32 on Windows XP machines (here with SP2).