Hi All, Just got into work this morning to find our mail server is infected with Win32/Pecoan Virus. Just great! I will post hijack log soon.

im sorry to hear about that madmatt.

Moved to HJT Logs Forum.

Heres the hijackthis log and some info on the payload of the virus is not good!
PayloadDownloads and Executes Arbitrary Files

The trojan attempts to establish communciations with other systems on a custom peer-to-peer network. It connects to certain IP addresses through local UDP port 4000 (Win32/Pecoan.G uses local UDP port 7871) in order to download and execute arbitrary files onto the compromised system.
These IP addresses, along with possible IPs that the trojan blacklists, are stored in a file in the %System% directory. Most variants use the file name "peers.ini", while some variants use the name "wincom32.ini".

Attached Files

hijackthis.log (3.8 KB, 2 views)

Your HijackThis log shows nothing wrong.

Which program detected Win32/Pecoan, and what was the action taken against it?


Then run Panda ActiveScan.

• Once you are on the Panda site click the Scan your PC button
• A new window will open...click the Check Now button
• Enter your Country
• Enter your State/Province
• Enter your e-mail address and click send
• Select either Home User or Company
• Click the big Scan Now button
• If it wants to install an ActiveX component allow it
• It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
• When download is complete, click on My Computer to start the scan
• When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.