Security Incidents mailing list archives

Re: wmon16.exe


From: "Willem Tahon" <tahon () un org>
Date: Mon, 10 May 2004 18:13:24 -0400


Also keep in mind that some of the AV developers require specific handling
of viruses (e.g. password-protected zipping) before sending them.

Nick FitzGerald <nick () virus-l demon.co.uk> wrote on 10/05/2004 03:31 PM
(To: incidents () securityfocus com, Subject: Re: wmon16.exe):

"Jason High" <strongcypher () hotmail com> wrote:

I believe that I have a HUGE problem, and I can't find anything anywhere.

Here are our symptoms:
<<snip>>
I am completely lost.  No removal tools have worked, no A/V is picking it
up.  I've got about four hosts with these symptoms (so far) and I'm just
unplugging network cables at this point.  Anyone with any pointers?

Further to Harlan's excellent advice, you would do well to forward such
suspect files to your preferred AV developers' sample submission
addresses.  To save you having to look them up, here is a list of such
addresses for the better-known developers:

   Authentium (Command Antivirus)  <virus () authentium com>
   Computer Associates (US)        <virus () ca com>
   Computer Associates (Vet/EZ)    <ipevirus () vet com au>
   DialogueScience (Dr. Web)       <Antivir () dials ru>
   Eset (NOD32)                    <sample () nod32 com>
   F-Secure Corp.                  <samples () f-secure com>
   Frisk Software (F-PROT)         <viruslab () f-prot com>
   Grisoft (AVG)                   <virus () grisoft cz>
   H+BEDV (AntiVir, Vexira engine) <virus () antivir de>
   Kaspersky Labs                  <newvirus () kaspersky com>
   Network Associates (McAfee)     <virus_research () nai com>
     (use a ZIP file with the password 'infected' without the quotes)
   Norman (NVC)                    <analysis () norman no>
   Panda Software                  <labs () pandasoftware com>
   Sophos Plc.                     <support () sophos com>
   Symantec (Norton)               <avsubmit () symantec com>
   Trend Micro (PC-cillin)         <virus_doctor () trendmicro com>
     (Trend may only accept files from users of its products)


--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
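Several of the labs above ask for a password-protected ZIP (McAfee with the password 'infected'). As an added example that is not part of this thread, the Python below builds such an archive from scratch with PKWARE traditional (ZipCrypto) encryption and verifies that the standard library opens it with the same password; the entry name, payload and DOS timestamp are constructed. The password is a transport convention that stops mail gateways and desktop AV from eating the sample, not a confidentiality control, since ZipCrypto is weak.

```python
import io, os, struct, zipfile, zlib

_MASK = 0xFFFFFFFF
_CRCTAB = [0] * 256
for _i in range(256):                           # reflected CRC-32 table
    _c = _i
    for _ in range(8):
        _c = (_c >> 1) ^ 0xEDB88320 if _c & 1 else _c >> 1
    _CRCTAB[_i] = _c

class ZipCryptoKeys:
    """PKWARE traditional-encryption key schedule (APPNOTE section 6.1)."""
    def __init__(self, password: bytes):
        self.k = [0x12345678, 0x23456789, 0x34567890]
        for b in password:
            self.update(b)

    def update(self, b: int) -> None:
        k = self.k
        k[0] = _CRCTAB[(k[0] ^ b) & 0xFF] ^ (k[0] >> 8)
        k[1] = ((k[1] + (k[0] & 0xFF)) * 134775813 + 1) & _MASK
        k[2] = _CRCTAB[(k[2] ^ (k[1] >> 24)) & 0xFF] ^ (k[2] >> 8)

    def encrypt(self, data: bytes) -> bytes:
        out = bytearray()
        for p in data:
            t = (self.k[2] | 2) & 0xFFFF           # keystream byte from key 2
            out.append(p ^ (((t * (t ^ 1)) >> 8) & 0xFF))
            self.update(p)                         # keys advance on plaintext
        return bytes(out)

def build_encrypted_zip(name: str, plaintext: bytes, password: bytes = b"infected") -> bytes:
    """One stored entry, flag bit 0 set; body = 11 random bytes + CRC high byte (password check) + data."""
    crc = zlib.crc32(plaintext) & _MASK
    body = ZipCryptoKeys(password).encrypt(os.urandom(11) + bytes([crc >> 24]) + plaintext)
    fname = name.encode("ascii")
    dtime, ddate = 0x91AC, 0x30AA                  # constructed DOS stamp: 2004-05-10 18:13:24
    local = struct.pack("<4sHHHHHLLLHH", b"PK\x03\x04", 20, 1, 0, dtime, ddate,
                        crc, len(body), len(plaintext), len(fname), 0) + fname
    central = struct.pack("<4sHHHHHHLLLHHHHHLL", b"PK\x01\x02", 20, 20, 1, 0, dtime, ddate,
                          crc, len(body), len(plaintext), len(fname), 0, 0, 0, 0, 0, 0) + fname
    eocd = struct.pack("<4sHHHHLLH", b"PK\x05\x06", 0, 0, 1, 1,
                       len(central), len(local) + len(body), 0)
    return local + body + central + eocd

def extract_with_stdlib(zip_bytes: bytes, name: str, password: bytes) -> bytes:
    """Round-trip check: zipfile decrypts ZipCrypto, so a well-formed archive opens here."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return zf.read(name, pwd=password)
```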