Re: Shell32.dll.124.config

["Dave Korn" <davek_throwaway () hotmail com>]

> ----- Original Message -----
> From: "y0himba"
> Sent: Monday, September 05, 2005 4:33 PM

> > Yes I am a "noob".  I have a question though.  Google searches and a
> > few other things can tell me nothing about "shell32.dll.124.config".  I
> > am on WindowsXP SP2, and keep seeing this file show up in antivirus
> > scans, but cannot find it anywhere on the system!  I think it is
> > dynamically created by something, but after sitting and watching Filemon
> > 7.02 for 20 minutes or so, I give up.  Has anyone heard of this file?
> > Antivir, Bitdefender, AVG and Clam all show it on the system, have
> > scanned it, but have found nothing. I have never seen this file before...

----Original Message----
> From: Morning Wood
> Message-Id: BAY19-DAV10034B5749FF0FE3BCF10ED9A70 () phx gbl

> sounds like an ADS ( alternate data stream )

  No it doesn't.  ADS filenames have a ':' as a separator.  That name only
has dots in it and so is not an ADS.  It is part of some kind of known
malware:

http://forums.spywareinfo.com/index.php?showtopic=7447&st=15

  I guess y0himba's AV is detecting the attempt to access this file as
suspicious whether or not it actually exists, but he forgot to mention
anything about what the AV actually _says_ about it.  y0himba, next time
you're reporting an error message, how about actually quoting the text, huh?


    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/