We have just been hit at work with a virus, via mail.

IF YOU RECIEVE A MAIL WITH AN ATTACHMENT ZIPPED_FILES.EXE DO NOT OPEN IT.

It scans mail and replies to them, so that it looks like a reputable mail. It is causing havoc here, wipes files (DOC, XLS, etc), even off network drives. Restarts itself on machine reboot.

There is alot of information on the net about old versions of this virus.

Forgot to say that it got past latest anti-virus sofware.

whats it called? sounds like a nasty one

Forgotton the actaul name, back at home now, but it replies to unread mail ...

I got your email, will look at it later, meanwhile look at these files.

Or something along those lines.

Search on the net for "virus zipped_files.exe" and there is a bit of info on it.

The original mail got blocked at the gateway because it had a .exe extension, but the user said it was legit and asked for it to be forwarded on. The support guy opened the attachment to check it wasn't porn and started the virus off. It went undetected for a few hours, until a lot of people report to the service desk that Winzip wasn't working!!!! It sits on the PC wiping out .DOC .XLS .PPT etc., the files show as 0 bytes. It also creates an EXPLORER.EXE in system32, and adds an entry in the registry to restart upon reboot. A lot of files have been destroyed on network shares.

what silly sausage would open a .exe then? i dont even open .docs and .xls without multiple confirmation that they are fine from the sender!!! (given that I know VBA i know how dangerous .xls's are... even before microsoft knew :rolleyes: )

One of our "Intel Server support" team. :eek:

Checking it wasn't porn :rolleyes:

It is part of thier standard procedure though, and was told that it was a legit file from the recipient.

Luckily I support Compaq Alpha servers, so I don't have to stay at work for hours/days trying to fix it. :) We do have some shares on our OpenVMS systems (via pathworks), and they have not been affected, all files still intact. :D

This was updated today on McAfee

http://vil.mcafee.com/dispVirus.asp?virus_k=10339

jdbgmgr.exe anyone herad of this one?????

Originally posted by vader
jdbgmgr.exe anyone herad of this one?????

Well known hoax e-mail m8. If you get an e-mail telling you to delete it just ignore it.

thanks mate

Just out of curiousity, but don't companies block .exe and other certain "risky" file types on their email server? I know we do.

If people keep coming up with different variations of viruses with file names like xxx.exe or yyy.exe then doesn't it really defeat the whole purpose of a new email.

Except home users of course.....

There is a whole list of file types capable of carrying viruses of various types. E.g *.pif, *.scr, *.hta, *.vbs

They also use other "tricks" like double extensions e.g Picture.jpg.exe to entice people to open them...