| VID |
24059 |
| Severity |
40 |
| Port |
139,445 |
| Protocol |
TCP |
| Class |
BackDoor |
| Detailed Description |
The Windows system appears to be infected by a virus or worm. This check checks for the following viruses (or worms):
- W32/Badtrans-B, JS_GIGGER.A@mm, W32/Vote-A, CodeRed
- W32.Sircam.Worm@mm, W32.Nimda.A@mm, W32.Goner.A@mm
- W32.Lovgate, W32.Deloder, W32.NiceHello.A, Win32/Sobig.worm.B
- Win32/Sobig.worm.C, Win32/Spybot.worm, Win32/Magold.worm
- Win32/Naco.worm, W32/Fizzer.gen@MM, W32/Kickin@MM
- Win32/Lovelorn.worm, Win32/Coronex.worm, Win32/Morbex.worm
- W32/Wanor@MM, W32/Yaha.q@MM, Win32/Ganda.worm
- Win32/Yaha.worm
* Note: This check requires an account with administrative privileges which can log into the host to scan. Absence of these condition will result in the check not being performed and a False Negative for all vulnerable hosts.
* References:
http://www.infos3000.com/infosvirus/badtransb.htm
http://securityresponse.symantec.com/avcenter/venc/data/w32.badtrans.b@mm.html
http://www.infos3000.com/infosvirus/jsgiggera.htm
http://securityresponse.symantec.com/avcenter/venc/data/js.gigger.a@mm.html
http://www.infos3000.com/infosvirus/vote%20a.htm
http://www.symantec.com/avcenter/venc/data/w32.vote.a@mm.html
http://www.infos3000.com/infosvirus/codered.htm
http://www.symantec.com/avcenter/venc/data/codered.worm.html
http://www.infos3000.com/infosvirus/w32sircam.htm
http://www.symantec.com/avcenter/venc/data/w32.sircam.worm@mm.html
http://www.infos3000.com/infosvirus/nimda.htm
http://www.symantec.com/avcenter/venc/data/w32.nimda.a@mm.html
http://www.infos3000.com/infosvirus/goner%20a.htm
http://www.symantec.com/avcenter/venc/data/w32.goner.a@mm.html
* Affected Platforms:
Microsoft Windows Any version |
| Recommendation |
Remove it from the infected computer by using a anti-virus program (vaccine program).
If you do not have an anti-virus program installed, download and install one of these virus scanners:
Norton AntiVirus: http://www.symantec.com/downloads/
McAfee VirusScan: http://download.mcafee.com/default.asp
Trend Micro PC-Cillin: http://www.antivirus.com/pc-cillin/ |
| Related URL |
(CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
