RE: wmon16.exe

From: Ken Dunham (dunhamkrmci.net)
Date: Mon May 10 2004 - 17:44:57 CDT


Greetings,
iDEFENSE will do an analysis of code as well. Send it to:

  malcodeidefense.com

Ken

-----Original Message-----
From: Nick FitzGerald [mailto:nickvirus-l.demon.co.uk]
Sent: Monday, May 10, 2004 1:31 PM
To: incidentssecurityfocus.com
Subject: Re: wmon16.exe

"Jason High" <strongcypherhotmail.com> wrote:

> I believe that I have a HUGE problem, and I can't find anything anywhere.

> Here are our symptoms:
<<snip>>
> I am completely lost. No removal tools have worked, no A/V is picking
> it up. I've got about four hosts with these symptoms (so far) and I'm
> just unplugging network cables at this point. Anyone with any pointers?

Further to Harlan's excellent advice, you would do well to forward such
suspect files to your preferred AV developers' sample submission addresses.
To save you having to look them up, here is a list of such addresses for the
better-known developers:

   Authentium (Command Antivirus) <virusauthentium.com>
   Computer Associates (US) <virusca.com>
   Computer Associates (Vet/EZ) <ipevirusvet.com.au>
   DialogueScience (Dr. Web) <Antivirdials.ru>
   Eset (NOD32) <samplenod32.com>
   F-Secure Corp. <samplesf-secure.com>
   Frisk Software (F-PROT) <viruslabf-prot.com>
   Grisoft (AVG) <virusgrisoft.cz>
   H+BEDV (AntiVir, Vexira engine) <virusantivir.de>
   Kaspersky Labs <newviruskaspersky.com>
   Network Associates (McAfee) <virus_researchnai.com>
     (use a ZIP file with the password 'infected' without the quotes)
   Norman (NVC) <analysisnorman.no>
   Panda Software <labspandasoftware.com>
   Sophos Plc. <supportsophos.com>
   Symantec (Norton) <avsubmitsymantec.com>
   Trend Micro (PC-cillin) <virus_doctortrendmicro.com>
     (Trend may only accept files from users of its products)

--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
