Re: Bad Antivirus

["Adam Pal" <carpathin.wolf () gmx net>]

Hi,

might be off-topic but:
it is the meaning of a mailing list to discuss things in here, i am realy upset when i read in a list or a forum things 
like "PM for more details" or "send you the answer via PM", i mean are we here to share knowledge or to keep it secret?!

BR
Adam Pal

-------- Original-Nachricht --------
> Datum: Wed, 30 Jan 2013 06:08:07 +0000
> Von: iamherevivek () gmail com
> An: drmarkabaiter () gmail com, security-basics () securityfocus com
> Betreff: Re: Bad Antivirus

> Hello,
>
> You can compare the actual (safe) exe with the infected ones with
> something like windiff.
>
> I would recommend removing the infected exe, if u have a backup, and put
> the infected in a sandbox and run tests.
>
> If I was in ur situation, I would track each action performed by the
> infected exe by tracking network activity, processes called and so on.
>
> Please PM me, if you need any personalized guidance.
>
> Deadbrain.
> I though I would change the world, but they wouldn't give me the source
> code.
> So I ended up hacking it!
> Sent from BlackBerry® on Airtel
>
> -----Original Message-----
> From: sec.melis () gmail com
> Sender: listbounce () securityfocus com
> Date: Tue, 29 Jan 2013 15:30:55 
> To: <security-basics () securityfocus com>
> Reply-To: drmarkabaiter () gmail com
> Subject: Bad Antivirus
>
> Dear folks,
>
> I have 3 W2K3 servers, each are running same software binary exe files.
> One month ago, they infected with some rootkits and viruses which later on I
> know from antivirus detection this malware called sality, ipz, etc.
> After installing a new antivirus and revealed the malware, some of my
> software seems not running as expected. At the moment, I suspect that the
> malware still there because the AV may not capable to clean them all. I tried
> using 3 or 4 most popular AV, but all were claimed the servers are clean
> while my software couldn't run smoothly. In fact, some of exe files has been
> changed in size while I am not sure whether this changed made by viruses or
> 'bad' AV I just installed.
> If I try to proof that my exe files has been changed by this 'bad' AV,
> does anyone know how to proof this things ? By reversing this exe files, is it
> possible to get which part of the files has changed ?
>
> Thank's
>
> Ibha ID
> Sent from my BlackBerry® smartphone from Sinyal Bagus XL, Nyambung
> Teruuusss...!
>
> -- 
>
> --- 
> You received this message because you are subscribed to the Google Groups
> "securityfocus2" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to securityfocus2+unsubscribe () googlegroups com.
> For more options, visit https://groups.google.com/groups/opt_out.

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------