Full Disclosure mailing list archives

Virus, whether the scanners say so or not?

From: "Scott Phelps / Dreamwright Studios" <scottp () dreamwright com>
Date: Mon, 1 Sep 2003 09:09:01 -0400



I just got this from a co-workers computer. I've run it against 4 virus
scanners I have around (after running each one's definition update) and
nothing recognized it.

It really looks like W32.HLLW.Moega
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.moega.html

But Symantec says it should catch it, which it doesn't. It looks like the
thing has been on his machine for about a month, and he's on an open cable
connection (Symantec mentions a trojan in moega) so I would like to know
what the payload is. It's a larger file than what Symantec has listed for
moega also.

Anybody seen it, or have a scanner that recognizes it?


D  R  E  A  M  W  R  I  G  H  T    S  T  U  D  I  O  S                  
Dreamwright.com  - Web Design, Graphic Design, & Custom Software Programming
704-548-8653 office/fax  1-866-47-MY-WEB
PO Box 480188   Charlotte, NC 28269

Attachment: wupdated.zip
Description:

Attachment: smime.p7s
Description:

Current thread:

Virus, whether the scanners say so or not? Scott Phelps / Dreamwright Studios (Sep 01)
- Re: Virus, whether the scanners say so or not? Bennett Todd (Sep 01)
- Re: Virus, whether the scanners say so or not? Paul Schmehl (Sep 01)
- Re: Virus, whether the scanners say so or not? misiu_ (Sep 01)
- Re: Virus, whether the scanners say so or not? gregh (Sep 01)
- Random SoBig.F Thoughts Jason Coombs (Sep 01)
  - Tracking a virus by logging infected machines Richard M. Smith (Sep 01)
    - Re: Tracking a virus by logging infected machines Ralf (Sep 01)
    - Re: Tracking a virus by logging infected machines Marcus Graf (Sep 02)
    - Re: Tracking a virus by logging infected machines morning_wood (Sep 02)
    - Re: Tracking a virus by logging infected machines Joel R. Helgeson (Sep 02)

(Thread continues...)