Full Disclosure mailing list archives
Re: Puzzled....
From: Jean-Marie Monnier <kedves () attglobal net>
Date: Wed, 04 Aug 2004 09:13:37 +0200
Aditya, thanks a lot! As a matter of fact, the following procedure "try rebooting in safe mode and running the scan" provided to me by Stephen Blass <Stephen.Blass () asu edu> did the trick.
I also got from Bernardo Quintero <bernardo () hispasec com> this alternate solution (untested, as the file seems to be deleted right away, as you pointed out): "Create a new message with scan () virustotal com as destination of such e-mail. Put only SCAN in the subject field. Attach the file to be scanned. You will receive an e-mail with a report of the file analysis."
Merci to all!
jmm
This is typical behavior where the resident shield simply puts the file in quarantine or deletes the file. Is this what is happening? Please see the options to see what AVG is doing ....
-aditya

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Jean-Marie Monnier
Sent: Wednesday, August 04, 2004 12:06 AM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Puzzled....

Since mid day today, I am flooded with interrupts from AVG resident shield yelling at me, and saying, in a nice little box:

=================================
Virus !
Trojan horse Downloader Crypter C !
!
is found in file !
C\WINDOWS\TEMP\WKNxxxx.exe ! <= (xxxx taking all kind of values, the most recent one being A0803 )
!
to remove this virus, run AVG for Windows !
____________________________________!

Running AVG doesn't find anything.....
Any clues?
Thanks in advance for any...
jm (retired IBM'er... yes, it shows.. :-[ )
Delivered using the Free Personal Edition of Mailtraq (www.mailtraq.com) <http://www.mailtraq.com>
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html