Full Disclosure mailing list archives
Re: Shell32.dll.124.config
From: "Dave Korn" <davek_throwaway () hotmail com>
Date: Tue, 6 Sep 2005 14:40:15 +0100
----- Original Message ----- From: "y0himba" Sent: Monday, September 05, 2005 4:33 PM
Yes I am a "noob". I have a question though. Google searches and a few other things can tell me nothing about "shell32.dll.124.config". I am on WindowsXP SP2, and keep seeing this file show up in antivirus scans, but cannot find it anywhere on the system! I think it is dynamically created by something, but after sitting and watching Filemon 7.02 for 20 minutes or so, I give up. Has anyone heard of this file? Antivir, Bitdefender, AVG and Clam all show it on the system, have scanned it, but have found nothing. I have never seen this file before...
----Original Message----
From: Morning Wood Message-Id: BAY19-DAV10034B5749FF0FE3BCF10ED9A70 () phx gbl
sounds like an ADS ( alternate data stream )
No it doesn't. ADS filenames have a ':' as a separator. That name only has dots in it and so is not an ADS. It is part of some kind of known malware: http://forums.spywareinfo.com/index.php?showtopic=7447&st=15 I guess y0himba's AV is detecting the attempt to access this file as suspicious whether or not it actually exists, but he forgot to mention anything about what the AV actually _says_ about it. y0himba, next time you're reporting an error message, how about actually quoting the text, huh? cheers, DaveK -- Can't think of a witty .sigline today.... _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Shell32.dll.124.config y0himba (Sep 05)
- Re: Shell32.dll.124.config Morning Wood (Sep 05)
- RE: Shell32.dll.124.config y0himba (Sep 05)
- Re: Shell32.dll.124.config Dave Korn (Sep 06)
- RE: Re: Shell32.dll.124.config y0himba (Sep 06)
- Re: Shell32.dll.124.config Morning Wood (Sep 05)