Jump to content
  • Who's Online   0 Members, 0 Anonymous, 11 Guests (See full list)

    • There are no registered users currently online

Important Virus Advisory - 23 November 2007

The Highlander

Recommended Posts

there has been discovered two viruses this week that are serious enough to document. they have been

identified as w32/mypis.h and a yet unnamed virus we are calling win32/logogo.


Please note that the major Antivirus brands including Trend Micro, Symantec, and McAfee in

most cases are failing to detect both viruses. Both viruses have destructive payloads, and

have no available clean up tools at this time. Clean at this time is labour intensive.


Fortinet Firewalls have identified w32/mypis.h from the 14th of November 2007, and are

blocking it with pattern files downloaded after this date.

If you see the following behavior on any of your workstation’s, or servers please disconnect

that machine from the network (pull the cable out) to isolate any infection, and contact your IT Administrator or IT person if you require assistance on cleanup. Symptoms observed to date are…



· Logogo.exe present as an operating process.

· Xp.exe located on any drive

· PC crashing when trying to access main operating system drive (C:)

· Chinese lettering appearing within Explorer shell or Internet Explorer context menu.

· Time clock on PC being reset thus preventing the workstation login onto the domain.

· PCs having unexplained crashes when opening Windows Explorer.

· Unexplained faults with PCs network connection. Identified when suspect PC is

“pinged” and return address has unusual character in the resolved network address.



· A quiet achiever.

· This work aggressively attached itself to any .exe file it can find.

· Spreads via email, including using its own SMTP engine. It also tries to spread

through shared resources on a network.

· When run, the worm can delete several files and entries in the records related to

several security applications (antivirus, etc..).

· Every day 3 of each month, the worm can trigger a dangerous and destructive routine

that overwrites all the files with certain extensions, all local drives.

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...