Is this new? Worm/Tulu.DOC

Discussion in 'malware problems & news' started by GlennO, Sep 17, 2003.

Thread Status:
Not open for further replies.
  1. GlennO

    GlennO Registered Member

    Joined:
    Jul 29, 2003
    Posts:
    5
    Location:
    Ocean View, Hawaii
    I ran AVG 6.0 AntiVirus yesterday on my Win 98SE Pc. It found and supposedly removed this worm. Afterwards, I used Google to search the web and found only one other article mentioning this worm, a query actually be a novice Pc user who also had AVG find and heal (not remove it) from his system.

    Next I searched the websites of AVG, Norton, McAfee and Trend Micro, and found nothing. The closest I've seen is at Wilders, where a W32/Tulu.A is mentioned. So I wonder if this is a variant?

    Has anyone seen this worm before?

    The symptoms on my Pc was that I kept getting locked up, with a blue screen of death giving a memory location where an error had occurred. Sadly, I didn't write that down. I initially thought it was a bad stick of RAM, so I replaced the stick in the machine with another, but that didn't solve anything.

    Since AVG removed Tulu, I haven't had the problem described above.
     
  2. the Tester

    the Tester Registered Member

    Joined:
    Jul 28, 2002
    Posts:
    2,854
    Location:
    The Gateway to the Blue Hills,WI.
    I got this link from a Google search.
    It appears that it is indeed a "worm type virus" according to Kaspersky antivirus.


    http://www.avp.ch/avpve/worms/win32/tulu.stm
     
  3. GlennO

    GlennO Registered Member

    Joined:
    Jul 29, 2003
    Posts:
    5
    Location:
    Ocean View, Hawaii
    :D Thank you for the quick reply. I went to the web site you mentioned and read through the information. It would appear that the worm I contracted is quite different from the one mentioned at the Kaspersky site.

    In checking for modification to my registry and in some of the files listed at the Kaspersky site, I didn't find any of the changes that it should have made.

    I look forward to hearing more about this one...

    Aloha,
    Glenn
     
  4. Technodrome

    Technodrome Security Expert

    Joined:
    Feb 13, 2002
    Posts:
    2,140
    Location:
    New York
    Have you tried to scan this file with any other AntiVirus Scaner?

    This could be a false positive from AVG.
    http://ths.gardenweb.com/forums/load/comphelp/msg0910100215981.html


    tECHNODROME
     
  5. GlennO

    GlennO Registered Member

    Joined:
    Jul 29, 2003
    Posts:
    5
    Location:
    Ocean View, Hawaii
    Worm/Tulu.DOC

    Keep in mind that my Pc was locking up every five minutes or less until I ran AVG and eliminated the supposed threat. I couldn't even pick up an email, or access any web site...

    With those considerations in mind, I hardly doubt that I was experiencing a glitche. Also, I am enrolled in a web-based Masters Degree program in Learning and Technology, and at least one other student in my class has experienced an identical situation after viewing the same web pages I have visited.

    Based upon the extensive research I have conducted, I suspect that this is either a very obscure, low-level, low-threat worm, or one that is simply not surfacing very much yet. As I pointed out in previous posts, none of the "major" American or European security sites have yet to acknowledge this particular affliction.

    While I don't mean to sound snobbish, I have been involved in this field of computers for the past 37 years (as in punch cards, paper tape, magnetic drums, air-conditioned 5 meg hard drives), so I consider myself to be something less than a novice (my first Pc had a serial number under 1000 and I chose to run USCD as an Op-Sys and not MS-DOS 1.0 which was an optional item, at that time, before Microsoft was a monopoly.) While I admit that I know less than .005% of what there is to know regarding the field of computers, I also suspect that my intuitive skills are sometimes most adequate...

    Hence, I can assure you that I definitely had a problem that was crashing my system, and that by running AVG I was able to eliminate that problem. The fact that AVG, or any of a number of other Anti-Virus houses can offer an explanation for "Worm/Tulu.DOC" leaves me wondering what the problem may be.

    I merely suggest this as it is remotely possibly that I was one of the first people to experience a new worm.

    Considering my remote location out in the middle of the North-Central Pacific Ocean, this would seem to be most unlikely. On the other hand, we probably have very unsophisticated blocking in place... So maybe I caught one that has been shunted elsewhere?

    I merely ask that you consider these possiblities, with the full realization that I will once again find myself to be wrong. I am seeking answers. I am hopeful that some other individuals out there will have some clue regarding the problems I have observed.

    Afterall, different points of perspective, observation and experience can often generate a wide variety of possible solutions that might otherwise go unconsidered.

    Than k-you for listening,

    Aloha,
    Glenn
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.