NEW VIRUS - 25th DECEMBER NASTY - TSPY_GOLDUN.BI

[meatologist]

Hey,

Has anyone heard of this little virus that's appeared as of 25th December ?

TSPY_GOLDUN.BI

It cloaks itself as epsonsys.sys - I think... but there is NO info on this when google'ing!

apart from some dodgy french site that (when translated) says something about a guy in France who's machine blue screened on December 25th with an error pointing to epsonsys.sys.

anyway - We had a power cut, our Primary Domain Controller wouldnt boot after we fixed the power problem - booted into safe mode and saw this error to do with epsonsys.sys - so I changed the Binary from 1 to 0 (basically disabled the service) and rebooted ... it booted fine.

So - the service is here in the registry:

HKLM\SYSTEM\CurrentControlSet\Services\epsonsys

but I cant find anything to do with this?!

Can anyone help?

 

[howard_hopkinso]

epsonsys.sys is one of your Epson printer drivers. it is perfectly safe.

The fact that your computer crashed with this drivers means that the driver has probably become corrupted.

Uninstall, and reinstall your printer drivers.

If you`re worried that this driver may be a virus. Check to see where it is located. It should be located in Windows/system32/drivers, or some such bonafide location.

Regards Howard

 

[meatologist]

There is no epson printer installed or ANY printer installed as it's the Primary Domain Controller. not a client machine.

It's definately a virus as it's spreading on the network.

Has ANYONE heard of this virus ?

 

[howard_hopkinso]

Ok I see.

Maybe you should post a Hijackthis log in the security and the web forum.

Try doing an online scan at http://uk.trendmicro-europe.com/consumer/housecall/housecall_launch.php


Regards Howard

 

[Samstoned]

I have epson installed on my net and none of my machine reg has this file in them and not any named driver for it anywhere
do sound like a duck to me