
New Variant of coreflood!mem / coreflood.dll / coreflood.dr ?

Has anyone else seen a large number of systems seeing a possible new variant of this? It is acting exactly as the old one reported a year or so back. Within the last 2 weeks we have seen roughly 300 of our systems become infected with a possible new variant.

Threat Target File Path:C:\WINDOWS\Explorer.EXE
Event Category:Malware detected
Event ID:1027
Threat Severity:Alert
Threat Name:Coreflood!mem
Threat Type:Trojan
Action Taken:Deleted
Threat Handled:true

Threat Target File Path:c:\WINDOWS\system32\wpdslutj.ocx
Event Category:Malware detected
Event ID:1027
Threat Severity:Alert
Threat Name:CoreFlood.dll
Threat Type:Trojan
Action Taken:Deleted
Threat Handled:true

Threat Target File Path:C:\WINDOWS\jre620.exe
Event Category:Malware detected
Event ID:1027
Threat Severity:Alert
Threat Name:Coreflood.dr
Threat Type:Trojan
Action Taken:Deleted
Threat Handled:true
dpbeck

Re: New Variant of coreflood!mem / coreflood.dll / coreflood.dr ?

6 systems over the weekend with Coreflood!mem.    C:\windows\explorer.exe  

Have any luck removing this?

Re: New Variant of coreflood!mem / coreflood.dll / coreflood.dr ?

From what I understand there isn't a fix for it yet, just a .dat that will hide the notification. I was curious to find out if anyone else in the community was starting to see this.

dpbeck

Re: New Variant of coreflood!mem / coreflood.dll / coreflood.dr ?

We noticed yesterday's DAT seemed to remove the detection of this. However, we are still seeing C&C traffic coming from these machines. Nice of McAfee to make us feel better without fixing anything.

dpbeck

Re: New Variant of coreflood!mem / coreflood.dll / coreflood.dr ?

Here is the virus total on the OCX files we have been finding on these machines.  We have made submissions to webimmune.

http://www.virustotal.com/analisis/4bf85e5f2913469c9849c4e1b36061efa9cb6bb3756f19262b228053137dbf21-...

Re: New Variant of coreflood!mem / coreflood.dll / coreflood.dr ?

Have you submitted samples to webimmune? This would help us determine if the detection is valid or false and can classify accordingly.

Follow Sam's instructions to submit samples.

Re: New Variant of coreflood!mem / coreflood.dll / coreflood.dr ?

Is there a solution for the Coreflood!mem trojan? I tried using McAfee's Stinger and it says that it has been deleted, but it comes right back like a zombie.

Re: New Variant of coreflood!mem / coreflood.dll / coreflood.dr ?

It's funny that you have posted this today, as last night's scans detected this again. I haven't made it into work as of yet, and I'm not the one administering this. However, I will see what I can find out. Is anyone else in the community detecting this again all of a sudden, or is there possibly a new variant out?

Thanks.

Brad

Re: New Variant of coreflood!mem / coreflood.dll / coreflood.dr ?

Has anyone found out how to remove this virus? We are seeing it come up on computers and it is not being removed. I opened a case with McAfee yesterday and haven't heard anything from them.


Re: New Variant of coreflood!mem / coreflood.dll / coreflood.dr ?

I got hit with this over the weekend and no "removal" tool would work.  It wouldn't even let me use some of the bigger known malware tools.  I could install them, but the virus would disable them.  Tried McAfee's Stinger in both Safe Mode and regular bootup.  It would find it and it said it was removed, but every reboot would bring it back.  I also couldn't delete the startup registry lines in msconfig.

I just went ahead and reformatted the drive and reinstalled XP. 

Just to note, I was using McAfee Anti-Virus Plus 2009 (with updated DAT and subscription).

Message was edited by: Slick91 on 3/1/10 3:06:12 PM CST
