
Thread: BKDR_SURILA.B

  1. #1
    Plutonium Lounger

    BKDR_SURILA.B

    This morning I awoke to find a PC-Cillin message on my screen from my daily, overnight scan. It had found and quarantined the subject on my computer. The actual file it said it had quarantined is called SVKP.SYS from the System32 directory. I'm wondering if anyone has encountered this one lately? I did some follow-up reading, not only at the Trend Micro site, but others as well. I had to rely on using the part of the name SURILA.B and found a couple of other variants on this one shown in various places. According to the Trend Micro readme on their latest pattern file, this one was just entered in their latest release, which thankfully I ALWAYS load whenever I get notified. There were a few references in the material I read that seem to indicate that it gets transported via the MYDOOM strain, but I dunno wha' happened in my case. This is the first time I've been hit with ANYTHING for several, several years, thanks to good anti-virus and Mailwasher. I only received a few emails yesterday, all from trusted sources, like Fred Langa and the Twodogs newsletter. I've also looked in the Moz history file at every link from yesterday and can't spot any sites that would raise suspicion. Well, anyway, just an alert...

    P.S. I checked my machine and the registry for the file names and registry keys I found mentioned in my reading and I don't find any evidence, so I guess I'm OK (for now).

  2. #2
    4 Star Lounger

    Re: BKDR_SURILA.B

    Well Al, I'll reply just so you know we are not ignoring you. As you noted, it seems to be related to SURILA.B - I found where Symantec tied it to a Trojan called Backdoor.Nemog.C - still a relatively low risk bad guy. It noted that in addition to SVKP.SYS, it also created

    dx32cxlp.exe
    dx32cxel.sys
    iexp1orer.exe
    systemst.exe

    You might want to search for them.

    Bill
    Bill (AFE7Ret)
    Freedom is NOT Free!
    Heat is the bane of all electronics!


  3. #3
    Plutonium Lounger

    Re: BKDR_SURILA.B

    Yeah, I did the same reading you did I guess and have checked for those file names. OK so far. I also went to Gibson's site and ran his Shields Up to check all my ports and there's none open - he declares me "stealth" so I guess PC-Cillin did its job and killed the critter straight away. Thanks for the words.
