Security Basics mailing list archives
Re: Bad Antivirus
From: Melissa Augustine <missy.augustine () gmail com>
Date: Wed, 30 Jan 2013 07:10:43 +0000
I would also ssdeep the two files and see how different they are. It will help you determine if you need to do more analysis. I would run it in a sandbox to see what the malware does and fix accordingly, or do some research, as Sality has been out for a while. I know off the top of my head it adds itself to the registry and adds itself as a trusted program to the local FW. If you have the exes, that would be your best bet.

Sent from my iPhone

On 30 Jan 2013, at 06:08, iamherevivek () gmail com wrote:

Hello,

You can compare the actual (safe) exe with the infected ones with something like windiff. I would recommend removing the infected exe, if you have a backup, and putting the infected one in a sandbox to run tests. If I were in your situation, I would track each action performed by the infected exe by tracking network activity, processes called and so on. Please PM me if you need any personalized guidance.

Deadbrain.
I thought I would change the world, but they wouldn't give me the source code. So I ended up hacking it!

Sent from BlackBerry® on Airtel

-----Original Message-----
From: sec.melis () gmail com
Sender: listbounce () securityfocus com
Date: Tue, 29 Jan 2013 15:30:55
To: <security-basics () securityfocus com>
Reply-To: drmarkabaiter () gmail com
Subject: Bad Antivirus

Dear folks,

I have 3 W2K3 servers, each running the same software binary exe files. One month ago, they were infected with some rootkits and viruses which I later learned from antivirus detection are malware called Sality, ipz, etc. After installing a new antivirus and revealing the malware, some of my software seems not to run as expected. At the moment, I suspect that the malware is still there because the AV may not be capable of cleaning it all. I tried using 3 or 4 of the most popular AVs, but all claimed the servers are clean while my software couldn't run smoothly. In fact, some of the exe files have changed in size, while I am not sure whether this change was made by the viruses or by the 'bad' AV I just installed. If I try to prove that my exe files have been changed by this 'bad' AV, does anyone know how to prove this? By reversing these exe files, is it possible to get which part of the files has changed?

Thanks,
Ibha ID

Sent from my BlackBerry® smartphone from Sinyal Bagus XL, Nyambung Teruuusss...!
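The comparison the thread keeps coming back to (diffing a known-good exe against the suspect copy to see which part changed) as an added example, not code from anyone in the thread: a Python script that walks the PE section table of both files and hashes each section's raw bytes, so a size change can be attributed to a specific section rather than just "the file grew". The two sample files it compares are constructed in-script as minimal PE layouts (not real, runnable binaries); on real files, read the clean backup and the suspect copy from disk and pass the bytes to compare_pe.

```python
import hashlib
import struct

SECTION_HDR = struct.Struct("<8sIIII16x")  # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData

def pe_sections(data):
    """Return {section_name: (raw_offset, raw_size, sha256_of_raw_bytes)} for a PE image."""
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]          # DOS header -> offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsect = struct.unpack_from("<H", data, e_lfanew + 6)[0]      # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", data, e_lfanew + 20)[0]  # COFF SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                             # section table follows the optional header
    out = {}
    for i in range(nsect):
        name, _vsize, _vaddr, rsize, roff = SECTION_HDR.unpack_from(data, table + 40 * i)
        digest = hashlib.sha256(data[roff:roff + rsize]).hexdigest()
        out[name.rstrip(b"\0").decode("ascii", "replace")] = (roff, rsize, digest)
    return out

def compare_pe(clean, suspect):
    """Classify each section as unchanged/modified/added/removed and report the overall size delta."""
    a, b = pe_sections(clean), pe_sections(suspect)
    report = {}
    for name in sorted(set(a) | set(b)):
        if name not in a:
            report[name] = "added"
        elif name not in b:
            report[name] = "removed"
        else:
            report[name] = "unchanged" if a[name][2] == b[name][2] else "modified"
    report["size_delta"] = len(suspect) - len(clean)  # the growth the original post noticed
    return report

def build_pe(sections):
    """Build a minimal PE layout for testing (constructed data; headers are not a loadable image)."""
    table_off = 0x40 + 24                       # e_lfanew = 0x40, SizeOfOptionalHeader = 0
    data_off = table_off + 40 * len(sections)
    hdr = bytearray(b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40))
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x102)
    body = bytearray()
    for name, blob in sections:
        hdr += SECTION_HDR.pack(name, len(blob), 0x1000, len(blob), data_off + len(body))
        body += blob
    return bytes(hdr + body)

# Constructed sample pair: the suspect copy has 301 extra bytes appended to its last section.
CLEAN = build_pe([(b".text", b"\x55\x8b\xec" * 40), (b".data", b"\x00" * 64)])
SUSPECT = build_pe([(b".text", b"\x55\x8b\xec" * 40), (b".data", b"\x00" * 64 + b"\xe9" + b"\x90" * 300)])
```

A section reported as "modified" together with a positive size_delta is where to point a disassembler first; an AV that only quarantined or truncated a file would show as "removed" sections or a negative delta instead.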