ALEVRIUS!

From: Geert Kiers <kweb(at)kweb.on.ca>
Date: Thu Feb 06 2003 - 13:39:28 EST

Greetings:

I'd rather just read the mail and not be a regular. Too many auto respondeers coming back at me say "I'm not in until such and such a time. In case of emergency contact ....", each time I post but... I have a problem, I think.

Who or what is ALEVRIUS!

Is it related to ALEVIR or the Opaserv/Opasoft worm?

The reason I ask, we had a number of weird things happening on our little network this morning so I decided to run MS Netmon and captue a while. When I finished capturing I did a Find All Names. and it discovered a new one:

ALEVRIUS! [no transposition (sp?) error. It is ALEVRIUS! with the exclamation mark] associated with a specific ip address with a valid appearing dynamic DNS name.

Now we run mainly NT servers and I get the sense that if it is ALEVIR that our hosts may not get infected. Still I am scanning our drives for occurances of alevir, scrsvr, brasil, marco!, instit, mqbkup and mmstask. In all cases hoping (or not) to find the .exe file which is supposed to be the driver. As a last thought, I also searched for alevrius. All searches were negative.

I did a search of online.securityfoucs.com/archives for both alevir and alevrius! but found not match. I assume, then. that this is either a new topic or one of little importance. Can anyone enlighten me?

Regards,

Geert

---

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Thu Feb 6 17:23:13 2003