Snow White Virus (TROJ_HYBRIS.M)

Bill Rowlett · Post by **Bill Rowlett** » 14 Sep 2001 11:02 am

I got several email messages with the Snow White Virus (TROJ_HYBRIS.M) virus today. The sender is shown as HaHaHa, however when I traced them they appear to have originated from a member of this forum. I think that it is likely that a virus has taken over his machine and is using his address book to send copies of itself.

I have emailed the person that I think the message originated from and will not reveal his name, however if other forum members are getting these messages today, please respond to the board so we can verify the virus is active.

Bill

Jim Smith · Post by **Jim Smith** » 14 Sep 2001 11:36 am

I have also received several virus email from HaHaHa, but haven't tried to trace back to who it is.

Bill Rowlett · Post by **Bill Rowlett** » 14 Sep 2001 12:35 pm

The person I suspected confirmed that he had received this email header for several months. He said that he had opened the first one (.exe file) and did nothing with it because it appeared to be porno related. He has since been receiving these emails regularly. I seem to remember that this was an ugly virus that propagates via email. I'll research it and post further updates. I suspect that it is now resident on his machine either as a trogan or worm.

Bill

Bill Rowlett · Post by **Bill Rowlett** » 14 Sep 2001 12:46 pm

This is a trojan virus that propogates via email.
http://www.antivirus.com/vinfo/virusencyclo/default5.asp?VName=TROJ_HYBRIS.M

TROJ_HYBRIS.M
Risk rating:
Virus type: Trojan
Destructive: No

Aliases:
HYBRIS.M, Snow White, W32.Hybris.gen, W32/Hybris-M, I-Worm.Hybris.M, W32/Hybris.gen@

Description:
This non-destructive worm is a variant of TROJ_HYBRIS.C. It propagates via email, by sending itself as an attachment to every user listed in the address book of the infected user.

I'll try to explain it to him and maybe he can find a way to clean his system.

Bill [This message was edited by Bill Rowlett on 14 September 2001 at 02:25 PM.]

Dan Dowd · Post by **Dan Dowd** » 15 Sep 2001 6:36 am

I got one yesterday. The header was "joke.z19". Norton antivirus grabbed it.
Not sure if the L is an L or a 1 in the 19. Its listed as a W95.hybris.worm.[This message was edited by Dan Dowd on 15 September 2001 at 07:37 AM.]

George Rozak · Post by **George Rozak** » 15 Sep 2001 1:55 pm

I received the same virus several days ago, but luckily, Norton intercepted it.

Gene Jones · Post by **Gene Jones** » 15 Sep 2001 4:00 pm

I have received the Snow White Ha Ha thing once or twice a month for the past year, including two or three times this month, but Norton always intercepts it.

It doesn't even annoy me anymore, as I just see it as routine housekeeping like sweeping the floor. When I turn on my computer and find one there, I just automatically do the procedure to get rid of it (4 or 5 seconds), and then forget about it.

P.S. Forgot to mention that I got my last one about a week ago, so apparently they are coming from more than one source.[This message was edited by Gene Jones on 15 September 2001 at 05:02 PM.]

Bill Rowlett · Post by **Bill Rowlett** » 19 Sep 2001 10:36 am

I got one at work today from another source too. I just realized that I upgraded computers and did not transfer my kill list from the old browzer to the new one. That is why I suddenly began to see that HaHaHa email again. Same thing for all the Viagra, mortage and credit card spam again.

The new Nimda virus appears to be a real problem one. I noticed a ton of port probes against my firewall last night. According to McAfee, that is one of the characteristics of Nimda transmission over the internet. I hope that I did not pick it up from one of the websites that I visited overnight. I'll have to go home and look for the signs of infection. I keep a seperate hard drive just for internet surfing and email. I don't want the kids to pick up a trogan or virus that could wipe out my family data disk.