[Dshield] Philis.bq clean up
- To: "General DShield Discussion List" <[EMAIL PROTECTED]>
- Subject: [Dshield] Philis.bq clean up
- From: "Warner, Mark" <[EMAIL PROTECTED]>
- Date: Wed, 29 Nov 2006 06:22:23 -0500
- Reply-to: General DShield Discussion List <[EMAIL PROTECTED]>
- Thread-index: AccTqMYBJtgNfQ76RduU9gSa6KO+YQ==
- Thread-topic: Philis.bq clean up
We seemed to have been infected with the Philis.bq virus in our network. McAfee has a tool but the regeneration keeps rebuilding the virus on restart. Presently we have about 35 infected machines. Today we will reimage about 20 of them. Has anyone found a removal method that works for this?
We cannot find its method of spreading or stop the kickstart of the virus. Any help would be good.
mark
-----Original Message-----
From: "jayjwa" <[EMAIL PROTECTED]>
To: "General DShield Discussion List" <[EMAIL PROTECTED]>
Sent: 11/29/06 1:42 AM
Subject: Re: [Dshield] POP3 wrong password for ....
On Sun, 26 Nov 2006, Tom wrote:
-> Heads up. Our logs are showing bot activity increasing over the last month
-> or so searching for a user and then trying passwords over and over again to
-> authenticate.
I was wondering what those were. It's tcpwrapped off anyway. You may be able
to use one of those ssh brute force blocking tools modified for POP3. Just
change the log the script looks in and search for "wrong password for" and add
them to the firewall (maybe time limited).
Also I'm seeing a lot of VNC attempts (tcp/5900) filling the firewall logs.
--
Linux 2.6.18.2 on Pentium II (Klamath) up 69.33
Linux 2.6.18.2 on Intel(R) Pentium(R) 4 CPU 2.80GHz up 20.03
Minix 2.0.4 (currently offline)
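
The approach suggested in the quoted reply above (scan the mail log for "wrong password for" and block the source for a limited time), written out as an added example that is not part of the original posts or of any existing tool. The log layout, thresholds and function names are assumptions; only the matched phrase comes from the thread.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log. The layout (timestamp, daemon tag, "from <ip>") is an
# assumption; adapt LINE_RE to what your POP3 daemon actually writes.
SAMPLE_LOG = """\
2006-11-26 03:10:01 pop3d: wrong password for admin from 192.0.2.10
2006-11-26 03:10:05 pop3d: wrong password for admin from 192.0.2.10
2006-11-26 03:10:09 pop3d: wrong password for admin from 192.0.2.10
2006-11-26 03:11:00 pop3d: wrong password for tom from 198.51.100.7
2006-11-26 03:30:00 pop3d: wrong password for tom from 198.51.100.7
2006-11-26 03:31:00 pop3d: wrong password for x from 203.0.113.99 from 198.51.100.7
2006-11-26 03:31:30 pop3d: login ok for mark from 192.0.2.55
"""

# The user name is attacker-supplied text. Matching it greedily and anchoring
# the address at end of line means an embedded "from <ip>" in the user name
# cannot get a third party's address blocked.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \S+ wrong password for "
    r"(?P<user>.+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})$"
)

def find_blocks(log_text, threshold=3, window=timedelta(minutes=5),
                ban=timedelta(hours=1)):
    """Return {ip: ban_expiry} for sources with >= threshold failures in window."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    banned = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # not a failed-login line
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        ip = m["ip"]
        if ip in banned and ts < banned[ip]:
            continue              # already blocked, nothing to add
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window: # drop failures older than the window
            q.popleft()
        if len(q) >= threshold:
            banned[ip] = ts + ban # time-limited block
            q.clear()
    return banned

def active_blocks(banned, now):
    """Addresses whose block has not yet expired at time `now`."""
    return sorted(ip for ip, expiry in banned.items() if now < expiry)
```

The returned expiry times are what a firewall wrapper would use to add and later remove the rule; that part depends on the firewall in use and is left out here.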