RE: NAV (or any AV tool) and MSBlast

["L G" <safeer_00 () msn com>]

I believe, at least in theory, unless the infected filename, or name of the 
worm (msblast.exe)for that matter, is not changed, the file will stay in 
quarantine, until removed and/or cleaned, thereby not enabling the same 
filename to be run.

> From: L G [mailto:safeer_00 () msn com]
> Sent: Wednesday, August 13, 2003 1:55 PM
> To: full-disclosure () lists netsys com
> Subject: [Full-disclosure] NAV (or any AV tool) and MSBlast
>
>
> Hi all,
>
> A quick query...
>
> If an XP machine has the most recent NAV definitions, and the machine is 
> hit
> by the RPC worm (msblast or any variant for which AV signature exists)
>
> 1. Will the file get quarantined?
>
> 2. If the machine is already infected, given that av will catch it during a
> scan, after a reboot will msblast.exe continue to infect the computer or
> could it be assumed "safe" in the quarantine folder?
>
> 3. In short, what protection does any AV provide other than the fact that
> the user is told that the machine is infected?
>
> Thanks.
>
> _________________________________________________________________
> MSN 8 with e-mail virus protection service: 2 months FREE*
> http://join.msn.com/?page=features/virus
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_________________________________________________________________
Help STOP SPAM with the new MSN 8 and get 2 months FREE*  
http://join.msn.com/?page=features/junkmail

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html