Vulnerability Development mailing list archives
Re: Netdetect.exe with backdoor? (ICQ)
From: jonh () APAK CO UK (Jon Hadley)
Date: Mon, 17 Jan 2000 16:45:35 -0000
Indeed it is .... AVP isn't my usual virus scanner, I ran an old copy over lunch to verify the previous post. On another note, the contents of my inbox swelled considerably after posting, with various Xmas holiday out-of-office replies ... lucky for some .. wot's wrong with sticking a rule in to ignore list posts? ;oÞ
-----Original Message----- From: Vladimir Dubrovin [SMTP:vlad () sandy ru] Sent: Monday, January 17, 2000 4:08 PM To: Jon Hadley Cc: VULN-DEV () SECURITYFOCUS COM Subject: Re[2]: Netdetect.exe with backdoor? (ICQ) Hello Jon Hadley, 17.01.00 16:28, you wrote: Netdetect.exe with backdoor? (ICQ); J> Hi, J> AVP just gave me a post lunch break heart attack and reported the same J> Trojan infection for my older build of ICQ (again only downloaded from J> trusted sources). I assume, as Brad Griffin mentions, that AVP mistakes the This is well-known problem in one of old AVP virus bases releases, and this fact means you didn't updated your bases for a few months. You are at high risk in this situation. Update bases from ftp://ftp.avp.ru/updates or ftp://ftp.avp.ru/bases J> connection monitoring activities of Ndetect as Trojan activity. J> A quick search of various virus sites suggests that AVP is mistaking Ndetect J> for SubSeven, a 'fairly advanced' Trojan that uses ICQ / Email to notify the J> originator that the victim is online. +=-=-=-=-=-=-=-=-=+ |Vladimir Dubrovin| | Sandy Info, ISP | +=-=-=-=-=-=-=-=-=+
Current thread:
- Re: Netdetect.exe with backdoor? (ICQ) Jon Hadley (Jan 17)
- Re: Netdetect.exe with backdoor? (ICQ) Vladimir Dubrovin (Jan 17)
- <Possible follow-ups>
- Re: Netdetect.exe with backdoor? (ICQ) Jon Hadley (Jan 17)