Anyone just get hit with a virus (ARP requests)?

zixxer

Diamond Member
Jul 6, 2001
7,326
0
0
Our company just got slammed. It was spreading as well before we took everything down.


All with latest Symantec DATs.
 

KLin

Lifer
Feb 29, 2000
30,441
752
126
I had 2 machines that looked like they had viruses. Both of them had their IP settings screwed up, and couldn't renew DHCP. One was an XP machine, and the other was a 2000 machine. I had to delete some entries out of the RUN key in the registry, delete the winsock and winsock2 registry keys, uninstall TCP/IP, and reinstall it to get them back up and running.
 

zixxer

^^ Still happening. Machines with the latest updates are broadcasting ARP requests like crazy. This started with 4, then turned into 6 machines, then 15 (including a couple of servers), when we then hit the switch and shut down the network.
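
A triage aid for the symptom described in this thread, added here as an example and not posted by any participant: it reads `tcpdump -n arp` text output and flags sources that send ARP requests for many distinct addresses in a short window. The function name, thresholds and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the text format `tcpdump -n arp` prints; not from the incident.
SAMPLE = [
    # 10.0.0.23 asks for 20 different addresses within two seconds.
    *(f"09:15:0{i // 10}.{i:06d} ARP, Request who-has 10.0.0.{i + 1} "
      f"tell 10.0.0.23, length 46" for i in range(20)),
    # 10.0.0.7 behaves normally: it re-resolves its gateway now and then.
    "09:15:02.000100 ARP, Request who-has 10.0.0.1 tell 10.0.0.7, length 46",
    "09:15:02.000200 ARP, Reply 10.0.0.1 is-at 00:11:22:33:44:55, length 46",
    "09:15:30.000100 ARP, Request who-has 10.0.0.1 tell 10.0.0.7, length 46",
]

ARP_REQUEST = re.compile(
    r"^(\d\d):(\d\d):(\d\d)\.\d+ ARP, Request who-has ([\d.]+)"
    r"(?: \(\S+\))? tell ([\d.]+),"
)

def noisy_arp_sources(lines, window=10, max_targets=5):
    """Map each source IP to its peak count of distinct ARP targets in any
    `window`-second span, keeping only sources above `max_targets`.
    Assumes the capture does not cross midnight (timestamps carry no date)."""
    requests = defaultdict(list)  # source IP -> [(second of day, target IP)]
    for line in lines:
        m = ARP_REQUEST.match(line)
        if not m:
            continue  # replies and non-ARP lines are ignored
        hh, mm, ss, target, source = m.groups()
        requests[source].append((int(hh) * 3600 + int(mm) * 60 + int(ss), target))

    flagged = {}
    for source, events in requests.items():
        events.sort()
        start = peak = 0
        for end in range(len(events)):
            # Slide the left edge until the span fits in the window.
            while events[end][0] - events[start][0] >= window:
                start += 1
            peak = max(peak, len({t for _, t in events[start:end + 1]}))
        if peak > max_targets:
            flagged[source] = peak
    return flagged

if __name__ == "__main__":
    for source, peak in noisy_arp_sources(SAMPLE).items():
        print(f"{source}: {peak} distinct ARP targets within 10 s")
```

Counting distinct targets rather than raw request volume keeps a host that merely re-resolves its gateway often from being flagged.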
 

zixxer

Looks like it's labeled as 'wmplayer.exe'. Also might be linked to local profiles.


When I kill wmplayer.exe running in processes, the ARP requests stop. When rebooting and logging on as admin, nothing seems to happen as far as ARP requests, although wmplayer is running.
 

hevnsnt

Lifer
Mar 18, 2000
10,868
1
0
Interesting... Please send me a sample of wmplayer.exe. I am a member of a CIRT team for a ma-giganic corp; I work directly with the antivirus vendors.

If you can, please zip it up with a zip password of 'infected' and send it to hevnsnt () gmail.com

Thanks
.hevnsnt
 

zixxer

Originally posted by: hevnsnt
Interesting... Please send me a sample of wmplayer.exe. I am a member of a CIRT team for a ma-giganic corp; I work directly with the antivirus vendors.

If you can, please zip it up with a zip password of 'infected' and send it to hevnsnt () gmail.com

Thanks
.hevnsnt

sent


thanks