Full Disclosure mailing list archives

RE: Where to submit a suspected trojan or virus?


From: "Donahue, Pat" <pdonahue () acmicorp com>
Date: Fri, 3 Sep 2004 14:38:49 -0400

Hi Scenobro,

I've had success sending the file to McAfee's AVERT WebImmune
(http://www.webimmunite.net). You can register as a new user and submit
through the web interface, or you can simply e-mail the file to
virus_research () nai com. I'd recommend registering as they will provide
you with the scan result immediately. Additionally, if you use McAfee,
they will provide you with updated virus definition files to clean the
machine.

Best of luck,
Pat

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of Kyle
Maxwell
Sent: Friday, September 03, 2004 12:23 PM
To: Scenobro
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Where to submit a suspected trojan or
virus?

On Fri, 03 Sep 2004 06:00:27 +0200, Scenobro <scenobro () tiscali it>
wrote:
I found an explorer.exe in my system32 folder which I believe takes
precedence over the real explorer.exe located in c:\windows.
It's a 92K file that seems to be a visual basic program. Among the
strings contained in it there is a "C:\TestDL.exe" which I didn't find
on my disk and a url "http://www.getupdate.com/TestDownload.exe" which
doesn't exist (the home page of that site is a textfile containing
only "SB2").
I sent the file to virustotal.com and they found nothing.
Where can I send this file for analysis?

The Internet Storm Center also has a malware analysis group, and they
coordinate with the major AV vendors; you can submit the file and
relevant information at http://isc.sans.org/contact.php or via email to
isc () sans org (I think).

--
Kyle Maxwell
[krmaxwell () gmail com]

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
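The original poster triaged the suspect explorer.exe by looking at its embedded strings. The script below is an added example (not from the thread or any tool named in it) that automates that first pass: it pulls printable strings out of a binary, flags embedded URLs and drive paths, and notes the VB6 runtime import name (MSVBVM60.DLL) as a hint that the file is a Visual Basic program; the input is a constructed byte blob with the same kinds of artefacts the poster described, not the real file.

```python
import re
from typing import Dict, List

# Triage heuristics: indicators a defender wants from an unknown PE before submitting it.
URL_RE = re.compile(r"https?://[A-Za-z0-9.\-]+(?:/[^\s\"';<>]*)?")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\s\"';<>]*")
VB_RUNTIME = "MSVBVM60.DLL"  # VB6 runtime import; its presence suggests a Visual Basic binary


def extract_strings(data: bytes, min_len: int = 4) -> List[str]:
    """Return runs of printable ASCII of at least min_len bytes, like the `strings` tool."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, data)]


def triage(data: bytes) -> Dict[str, object]:
    """Summarise size, VB-runtime hint, and any URLs / drive paths found in the strings."""
    strings = extract_strings(data)
    urls: List[str] = []
    paths: List[str] = []
    for s in strings:
        urls.extend(URL_RE.findall(s))
        paths.extend(PATH_RE.findall(s))
    return {
        "size": len(data),
        "looks_like_vb": any(VB_RUNTIME.lower() in s.lower() for s in strings),
        "urls": sorted(set(urls)),
        "paths": sorted(set(paths)),
    }


# Constructed sample: not the file from the post, only bytes carrying the same
# kind of artefacts (VB runtime import, a drop path and a download URL).
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"MSVBVM60.DLL\x00" + b"\x00" * 8
    + b"C:\\TestDL.exe\x00" + b"\x01\x02"
    + b"http://www.getupdate.com/TestDownload.exe\x00"
)

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Run it against a suspect file with `triage(open(path, "rb").read())`; the URL and path lists are the details worth including with a submission to a vendor or the ISC.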

