Re: Netdetect.exe with backdoor? (ICQ)

Subject: Re: Netdetect.exe with backdoor? (ICQ)
From: Vladimir Dubrovin (vladSANDY.RU)
Date: Mon Jan 17 2000 - 10:07:51 CST

• Next message: Bennett Todd: "Re: Secure coding in C (was Re: Administrivia #4883)"
• Previous message: Sachs, Marcus: "Re: ICQ >= 99* + CC Data"
• In reply to: Jon Hadley: "Re: Netdetect.exe with backdoor? (ICQ)"
• Next in thread: Jon Hadley: "Re: Netdetect.exe with backdoor? (ICQ)"
• Reply: Vladimir Dubrovin: "Re: Netdetect.exe with backdoor? (ICQ)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hello Jon Hadley,

17.01.00 16:28, you wrote: Netdetect.exe with backdoor? (ICQ);

J> Hi,

J> AVP just gave me a post lunch break heart attack and reported the same
J> Trojan infection for my older build of ICQ (again only downloaded from
J> trusted sources). I assume, as Brad Griffin mentions, that AVP mistakes the

This is well-known problem in one of old AVP virus bases releases, and
this fact means you didn't updated your bases for a few months. You
are at high risk in this situation. Update bases from
ftp://ftp.avp.ru/updates or ftp://ftp.avp.ru/bases

J> connection monitoring activities of Ndetect as Trojan activity.

J> A quick search of various virus sites suggests that AVP is mistaking Ndetect
J> for SubSeven, a 'fairly advanced' Trojan that uses ICQ / Email to notify the
J> originator that the victim is online.

  +=-=-=-=-=-=-=-=-=+
  |Vladimir Dubrovin|
  | Sandy Info, ISP |
  +=-=-=-=-=-=-=-=-=+

• Next message: Bennett Todd: "Re: Secure coding in C (was Re: Administrivia #4883)"
• Previous message: Sachs, Marcus: "Re: ICQ >= 99* + CC Data"
• In reply to: Jon Hadley: "Re: Netdetect.exe with backdoor? (ICQ)"
• Next in thread: Jon Hadley: "Re: Netdetect.exe with backdoor? (ICQ)"
• Reply: Vladimir Dubrovin: "Re: Netdetect.exe with backdoor? (ICQ)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b27 : Mon Jan 17 2000 - 10:25:56 CST