Security Incidents mailing list archives
Re: strange software > winsupdater.exe
From: Justin <justin () jfoobar com>
Date: Wed, 16 Mar 2005 13:57:38 -0500
On Wed, 2005-03-16 at 12:53 +1300, Nick FitzGerald wrote:
Filenames are all but totally useless for diagnosing malware, spyware _AND_ the normal operation of a system.
Amen. Trying to disguise itself as something related to Windows Update is a fairly common tactic for Trojans.
If you suspect the file may be some (new) undesirable thing, send copies to your preferred antivirus (and possibly other "security") product developers asking them for an analysis and to add detection and removal if it turns out that it really is "undesirable" by their standard.
Start with Kaspersky. They have the best track record of detecting Trojans of any of the scanners I work with. Go to their website and upload the file to their online virus scanner: http://www.kaspersky.com/scanforvirus Better yet, upload it at VirusTotal.com and it will scan it against several updated engines. Regards, Justin
Current thread:
- strange software > winsupdater.exe SDA (Mar 15)
- Re: strange software > winsupdater.exe Nick FitzGerald (Mar 16)
- Re: strange software > winsupdater.exe Justin (Mar 16)
- Re: strange software > winsupdater.exe Jeremy Anderson (Mar 17)
- Re: strange software > winsupdater.exe Nick FitzGerald (Mar 28)
- Re: strange software > winsupdater.exe Paul Laudanski (Mar 28)
- Re: strange software > winsupdater.exe Justin (Mar 16)
- Pubstro rash David Gillett (Mar 17)
- Re: Pubstro rash Mark Coleman (Mar 17)
- RE: Pubstro rash Steve Drees (Mar 17)
- RE: Pubstro rash Alexandre Skyrme (Mar 17)
- Re: Pubstro rash Jeff Kell (Mar 18)
- RE: Pubstro rash David Gillett (Mar 18)
- Re: strange software > winsupdater.exe Nick FitzGerald (Mar 16)