Is this new? Worm/Tulu.DOC

Discussion in 'malware problems & news' started by GlennO, Sep 17, 2003.

Thread Status:
Not open for further replies.
  1. GlennO

    GlennO Registered Member

    Joined:
    Jul 29, 2003
    Posts:
    5
    Location:
    Ocean View, Hawaii
    I ran AVG 6.0 AntiVirus yesterday on my Win 98SE Pc. It found and supposedly removed this worm. Afterwards, I used Google to search the web and found only one other article mentioning this worm, a query actually be a novice Pc user who also had AVG find and heal (not remove it) from his system.

    Next I searched the websites of AVG, Norton, McAfee and Trend Micro, and found nothing. The closest I've seen is at Wilders, where a W32/Tulu.A is mentioned. So I wonder if this is a variant?

    Has anyone seen this worm before?

    The symptoms on my Pc was that I kept getting locked up, with a blue screen of death giving a memory location where an error had occurred. Sadly, I didn't write that down. I initially thought it was a bad stick of RAM, so I replaced the stick in the machine with another, but that didn't solve anything.

    Since AVG removed Tulu, I haven't had the problem described above.
     
  2. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    I got this link from a Google search.
    It appears that it is indeed a "worm type virus" according to Kaspersky antivirus.


    http://www.avp.ch/avpve/worms/win32/tulu.stm
     
  3. GlennO

    GlennO Registered Member

    Joined:
    Jul 29, 2003
    Posts:
    5
    Location:
    Ocean View, Hawaii
    :D Thank you for the quick reply. I went to the web site you mentioned and read through the information. It would appear that the worm I contracted is quite different from the one mentioned at the Kaspersky site.

    In checking for modification to my registry and in some of the files listed at the Kaspersky site, I didn't find any of the changes that it should have made.

    I look forward to hearing more about this one...

    Aloha,
    Glenn
     
  4. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Have you tried to scan this file with any other AntiVirus Scaner?

    This could be a false positive from AVG.
    http://ths.gardenweb.com/forums/load/comphelp/msg0910100215981.html


    tECHNODROME
     
  5. GlennO

    GlennO Registered Member

    Joined:
    Jul 29, 2003
    Posts:
    5
    Location:
    Ocean View, Hawaii
    Worm/Tulu.DOC

    Keep in mind that my Pc was locking up every five minutes or less until I ran AVG and eliminated the supposed threat. I couldn't even pick up an email, or access any web site...

    With those considerations in mind, I hardly doubt that I was experiencing a glitche. Also, I am enrolled in a web-based Masters Degree program in Learning and Technology, and at least one other student in my class has experienced an identical situation after viewing the same web pages I have visited.

    Based upon the extensive research I have conducted, I suspect that this is either a very obscure, low-level, low-threat worm, or one that is simply not surfacing very much yet. As I pointed out in previous posts, none of the "major" American or European security sites have yet to acknowledge this particular affliction.

    While I don't mean to sound snobbish, I have been involved in this field of computers for the past 37 years (as in punch cards, paper tape, magnetic drums, air-conditioned 5 meg hard drives), so I consider myself to be something less than a novice (my first Pc had a serial number under 1000 and I chose to run USCD as an Op-Sys and not MS-DOS 1.0 which was an optional item, at that time, before Microsoft was a monopoly.) While I admit that I know less than .005% of what there is to know regarding the field of computers, I also suspect that my intuitive skills are sometimes most adequate...

    Hence, I can assure you that I definitely had a problem that was crashing my system, and that by running AVG I was able to eliminate that problem. The fact that AVG, or any of a number of other Anti-Virus houses can offer an explanation for "Worm/Tulu.DOC" leaves me wondering what the problem may be.

    I merely suggest this as it is remotely possibly that I was one of the first people to experience a new worm.

    Considering my remote location out in the middle of the North-Central Pacific Ocean, this would seem to be most unlikely. On the other hand, we probably have very unsophisticated blocking in place... So maybe I caught one that has been shunted elsewhere?

    I merely ask that you consider these possiblities, with the full realization that I will once again find myself to be wrong. I am seeking answers. I am hopeful that some other individuals out there will have some clue regarding the problems I have observed.

    Afterall, different points of perspective, observation and experience can often generate a wide variety of possible solutions that might otherwise go unconsidered.

    Than k-you for listening,

    Aloha,
    Glenn
     
Loading...
Thread Status:
Not open for further replies.