Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Removal?

From: "Mike" <mjcarter () ihug co nz>
Date: Tue, 3 Feb 2004 20:51:47 +1300
It appears you might have a variant of Petch/Pica , try this link
http://securityresponse.symantec.com/avcenter/venc/data/vbs.shania.html
and use the intelligent updater.

You might need to use something like filemon, tcpview and/or process
explorer to capture what it's doing and track the process you need to kill,
then delete the files.

All are available here http://www.sysinternals.com

Regards
Mike


-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com]On Behalf Of axid3j1al
axid3j1al
Sent: Tuesday, February 03, 2004 7:03 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Removal?



How do I delete the virus that is not detectable by norton av (latest
definitions)


but has the files
c:\windows\system32\f~q\fag.exe
c:\windows\system32\f~q\usr_crt.dll

i.e. what program do I kill to do a attrib -h -r -s *.* ; del. ?


thanks

_________________________________________________________________
Get less junk mail with ninemsn Premium. Click here
http://ninemsn.com.au/premium/landing.asp

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: