Security Incidents mailing list archives

RE: Strange servicepack.exe file (not service.exe) found.


From: "James C Slora Jr" <Jim.Slora () phra com>
Date: Wed, 17 Dec 2003 17:15:02 -0000

Eric Chien wrote Wednesday, December 17, 2003 10:31

--- Chip Mefford <cmefford () avwashington com> wrote:
Running in the task manager on a windows 98 box on our lan. The 
machine was misbehaving badly yesterday
[cut]
I've posted the file "servicepack.exe" in zipped and tarred formats 
both at this url.

This is a variant of RapidBlaster.  See
http://securityresponse.symantec.com/avcenter/venc/data/dialer.rapidblaster.html


How fun is this, though - Symantec's response today says the file contains
no malicious code. So nothing ever happened on the machine that had to be
rebuilt. Hmmmm.
 
Of course the servicepack.exe file could have been a downloaded byproduct of
another infection on the affected machine.

-----Original Message-----
From: SecurityResponse () symantec com 
[mailto:SecurityResponse () symantec com] 
Sent: Wednesday, December 17, 2003 16:51
To: Jim.Slora () phra com
Subject: [CLOSING]: Symantec Security Response Automation: 
Tracking #3555918


This message is an automatically generated reply.  This 
system is designed to analyze and process virus submissions 
into the Symantec Security Response and cannot accept 
correspondence or inquiries. 
Please contact your Technical Support representative if more 
detailed information about your submission is required.  Do 
not reply to this message.

Below is a status update on your virus submission:

Date: December 17, 2003

Jim Slora
   


Dear Jim Slora,

We have analyzed your submission.  The following is a report 
of our findings for each file you have submitted:

filename: README.TXT
machine: AVCAutomation:
result: See the developer notes 

filename: servicepack.exe
machine: AVCAutomation:
result: See the developer notes 

Developer notes:
README.TXT does not appear to contain malicious code. 
servicepack.exe contains no malicious code. It is used to 
access a pornographic service. It is safe to delete this file. 


Our automated system has performed an extensive analysis on 
the file(s) that you have submitted and found no evidence of 
malicious code. If you have additional evidence to suggest 
that a malicious program still resides in the file that was 
submitted to us, please contact Symantec Technical Support 
for assistance.

Should you have any questions about your submission, please 
contact your regional technical support from the Symantec 
website and give them the tracking number in the subject of 
this message.

-----------------------------------------------------------------------
This message was generated by Symantec Security Response automation.

For USA:
For electronic support options, Symantec provides On-Line 
Services at http://www.symantec.com/techsupp/


--------------------------------------------


