Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: [Full-Disclosure] Puzzled....
From: Jean-Marie Monnier (kedvesattglobal.net)
Date: Wed Aug 04 2004 - 02:13:37 CDT
Aditya, thanks a lot!
As a matter of fact, the following procedure "try rebooting in safe mode
and running the scan" provided to me by Stephen Blass
<Stephen.Blassasu.edu> did the trick.
I also got from Bernardo Quintero <bernardohispasec.com> this
alternate solution (untested, as the file seems to be deleted right
away, as you pointed out),
"Create a new message with scanvirustotal.com as destination of such
e-mail Put only SCAN in the subject field
Attach the file to be scanned You will receive an e-mail with a report
of the tile analysis." Merci to all!
> This is a typical behavior where the resident sheild simply put the
> file in quarantine or deletes the file is this what is happening
> please see the options to see what AVG is doing ....
> -----Original Message-----
> From: full-disclosure-adminlists.netsys.com
> [mailto:full-disclosure-adminlists.netsys.com]On Behalf Of
> Jean-Marie Monnier
> Sent: Wednesday, August 04, 2004 12:06 AM
> To: full-disclosurelists.netsys.com
> Subject: [Full-Disclosure] Puzzled....
> Since mid day today, I am flooded with interrupts from AVG
> resident shield yelling at me; and saying, in a nice little box..:.
> Trojan horse Downloader Crypter C !
> is found in file !
> C\WINDOWS\TEMP\WKNxxxx.exe ! <= (xxxx taking all kind
> of values, the most recent one being A0803 )
> to remove this virus, run AVG for Windows !
> Running AVG doesn't find anything..... Any clues? Thanks in
> advance for any... jm (retired IBM'er... yes, it shows.. :-[ )
> Delivered using the Free Personal Edition of Mailtraq
> (www.mailtraq.com) <http://www.mailtraq.com>
Full-Disclosure - We believe in it.