
Symantec - July 5th Defs (edzy)

No replies to this topic

#1 JoeCelli



Posted 14 July 2007 - 08:31 AM

I am a little confused by a worm I was fighting last week. This virus added several lines to the registry on our Windows 2000 Servers; one of the lines was in the HKLM - Run eDzy [Anti Virus] and it was starting up an infected file using a random name. We are using Symantec Corporate Edition 10; when we had issues we had the definitions from July 4th. I forcefully killed the process, killed the file and then removed the keys manually. I updated the server with the Rapid Release defs and did a full scan. Symantec's new defs (July 5th and beyond) find this as W32.SPYBOT.WORM; when I researched this virus on Symantec's site, their write-up hasn't been updated since January 2007. I did some online scans and Bitdefender found this as a different trojan, as did Trend.

Later that week we found a PC with similar symptoms, and rather than the eDzy key it had a Moron key. Some of the symptoms are loss of Internet access, loss of the ability to automatically get virus defs updated, and loss of administrative shares. It pretty much seems like a virus whose purpose is to cause lack of service to and from the infected PC.

I did see another message where someone had posted that particular key. I would like to know how this worm got on my network and why Symantec hasn't listed this as a newer threat.
