Re: Puzzled....

[Jean-Marie Monnier <kedves () attglobal net>]

Aditya, thanks a lot!

As a matter of fact, the following procedure "try rebooting in safe mode 
and running the scan" provided to me by Stephen Blass 
<Stephen.Blass () asu edu> did the trick.

I also got from Bernardo Quintero <bernardo () hispasec com> this 
alternate solution (untested, as the file seems to be deleted right 
away, as you pointed out),
"Create a new message with scan () virustotal com as destination of such 
e-mail Put only SCAN in the subject field
Attach the file to be scanned You will receive an e-mail with a report 
of the tile analysis." Merci to all!
jmm

> This is a typical behavior where the resident sheild simply put the 
> file in quarantine or deletes the file is this what is happening 
> please see the options to see what AVG is doing ....
>  
>  
> -aditya
>
>     -----Original Message-----
>     From: full-disclosure-admin () lists netsys com
>     [mailto:full-disclosure-admin () lists netsys com]On Behalf Of
>     Jean-Marie Monnier
>     Sent: Wednesday, August 04, 2004 12:06 AM
>     To: full-disclosure () lists netsys com
>     Subject: [Full-disclosure] Puzzled....
>
>     Since mid day today, I am flooded with interrupts from AVG
>     resident shield  yelling at me; and saying, in a nice little box..:.
>     =================================
>      Virus                                                   
>                !  
>     Trojan horse Downloader Crypter C             !
>                                                                             
>     !
>     is found in file                                                  !
>     C\WINDOWS\TEMP\WKNxxxx.exe           ! <=  (xxxx taking all kind
>     of values, the most recent one being A0803 )
>                                                                             
>     !
>     to remove this virus, run AVG for Windows !
>     ____________________________________!
>
>     Running AVG doesn't find  anything.....   Any clues?    Thanks in
>     advance for any... jm    (retired IBM'er... yes, it shows.. :-[ )
>
> Delivered using the Free Personal Edition of Mailtraq 
> (www.mailtraq.com) <http://www.mailtraq.com>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html