WORM_NTSHATA.D

Discussion in 'malware problems & news' started by tomteeth, Oct 31, 2002.

Thread Status:
Not open for further replies.
  1. tomteeth

    tomteeth Registered Member

    Joined:
    May 23, 2002
    Posts:
    153
    Location:
    filthydelphia
    Hello. This guy says he has this worm (WORM_NTSHATA.D), but I cannot find it anywhere. Has anyone here ever heard of it? He said he wrote it down when he saw the name!
     
  2. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,877
    Location:
    New England
    The closest thing I could find to that name was this: W32/Nahata.D (I-Worm.Nahata.C)

    From http://www.pandasecurity.com/virus-encyclopedia.html (once there, search for Nahata):

    ----------------------------
    Name: W32/Nahata.D
    Alias: I-Worm.Nahata.C
    Virus Categories: Worm
    Repairable: Yes
    Date of Activation:
    Included in the "Wild List": No

    Basic Information: Nahata.D is a worm initially designed to spread via e-mail and overwrite files with certain extensions. However, errors in its code prevent it from performing these actions. Hence, Nahata.D poses no threat to users.

    The worm is written in Visual Basic and reaches systems in a 28,160 byte-long file compressed with UPX. Once decompressed, Nahata.D is 819,20 bytes in size.
    ----------------------------

    He can use the size information above to see if what he found fits those parameters.

    Also, see the site below for more information, including the registry keys this worm is supposed to set, if it even works. (I'm not clear on whether this worm actually works from reading these two references). He should be able to check for those registry keys, as well.

    http://www.sophos.com/virusinfo/analyses/w32nahatad.html

    Best Wishes,
    LowWaterMark
     
  3. tomteeth

    tomteeth Registered Member

    LowWaterMark
    Thank you very much, that's got to be it. I could not find anything on this! Tom
     