Full Disclosure mailing list archives
RE: (no subject)
From: "Andrew R. Reiter" <arr () watson org>
Date: Fri, 3 Jun 2005 12:57:02 -0400 (EDT)
Have you pushed it through Norman Sandbox?

On Fri, 3 Jun 2005, Todd Towles wrote:

:This could be another bot running on the same filename, but here is
:something I found on google
:
:Norton Antivirus 2004(vir def may-2005) report wintcpmod.exe is infected
:with W32.DSS.Trojan. The file was deleted and WinXP Sp2 work without
:problems.
:
: http://www.what-process.com/process-info.aspx?p=wintcpmod.exe.exe
:
:> -----Original Message-----
:> From: full-disclosure-bounces () lists grok org uk
:> [mailto:full-disclosure-bounces () lists grok org uk] On Behalf
:> Of andy mueller
:> Sent: Friday, June 03, 2005 8:17 AM
:> To: full-disclosure () lists grok org uk
:> Subject: [Full-disclosure] (no subject)
:>
:> Hi people, I have had "wintcpmod" as well, so I submitted it
:> to Norton AntiVirus and they came back to me with this:
:>
:> We have analyzed your submission. The following is a report of our
:> findings for each file you have submitted:
:>
:> filename: C:\WINDOWS\system32\wintcpmod.exe
:> machine: ALIEN
:> result: This file is infected with Backdoor.Trojan
:>
:> Developer notes:
:> C:\WINDOWS\system32\wintcpmod.exe is non-repairable threat. NAV with
:> the latest rapidrelease definition detects this. Please delete this
:> file and replace it if necessary. Please follow the instruction at the
:> end of this email message to install the latest rapidrelease
:> definitions.
:>
:> Symantec Security Response has determined that the sample(s) that you
:> provided are infected with a virus, worm, or Trojan. We have created
:> RapidRelease definitions that will detect this threat. Please follow the
:> instruction at the end of this email message to download and install
:> the latest RapidRelease definitions.
:>
:> Downloading and Installing RapidRelease Definition Instructions:
:> 1. Open your Web browser. If you are using a dial-up connection, connect
:> to any Web site, such as: http://securityresponse.symantec.com/
:> 2. Click this link to the ftp site:
:> ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/norton_antivirus/rapidrelease/symrapidreleasedefsi32.exe.
:> If it does not go to the site (this could take a minute or so if you
:> have a slow connection), copy and paste the address into the address bar
:> of your Web browser and then press Enter.
:> 3. When a download dialog box appears, save the file to the Windows
:> desktop.
:> 4. Double-click the downloaded file and follow the prompts.
:> ----------------------------------------------------------------------
:> This message was generated by Symantec Security Response automation
:>
:> Should you have any questions about your submission, please contact
:> our regional technical support from the Symantec website
:> (http://www.symantec.com/techsupp/)
:> and give them the tracking number in the subject of this message.
:>
:> _________________________________________________________________
:> Winks & nudges are here - download MSN Messenger 7.0 today!
:> http://messenger.msn.co.uk
:>
:> _______________________________________________
:> Full-Disclosure - We believe in it.
:> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
:> Hosted and sponsored by Secunia - http://secunia.com/

--
Andrew R. Reiter
arr () watson org
Current thread:
- (no subject) andy mueller (Jun 03)
- <Possible follow-ups>
- RE: (no subject) Todd Towles (Jun 03)
- RE: (no subject) Andrew R. Reiter (Jun 03)