Full Disclosure mailing list archives
RE: Removal?
From: "Mike" <mjcarter () ihug co nz>
Date: Tue, 3 Feb 2004 20:51:47 +1300
It appears you might have a variant of Petch/Pica , try this link http://securityresponse.symantec.com/avcenter/venc/data/vbs.shania.html and use the intelligent updater. You might need to use something like filemon, tcpview and/or process explorer to capture what it's doing and track the process you need to kill, then delete the files. All are available here http://www.sysinternals.com Regards Mike -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com]On Behalf Of axid3j1al axid3j1al Sent: Tuesday, February 03, 2004 7:03 PM To: full-disclosure () lists netsys com Subject: [Full-disclosure] Removal? How do I delete the virus that is not detectable by norton av (latest definitions) but has the files c:\windows\system32\f~q\fag.exe c:\windows\system32\f~q\usr_crt.dll i.e. what program do I kill to do a attrib -h -r -s *.* ; del. ? thanks _________________________________________________________________ Get less junk mail with ninemsn Premium. Click here http://ninemsn.com.au/premium/landing.asp _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Removal? axid3j1al axid3j1al (Feb 02)
- RE: Removal? Mike (Feb 03)
- Re: Removal? Nico Golde (Feb 03)
- <Possible follow-ups>
- RE: Removal? Schmehl, Paul L (Feb 03)
- RE: Removal? axid3j1al axid3j1al (Feb 03)
- RE: Removal? Paul Schmehl (Feb 03)
- Message not available
- Re: Removal? Anders (Feb 04)
- RE: Removal? Paul Schmehl (Feb 03)
- RE: Removal? axid3j1al axid3j1al (Feb 03)