Security Incidents mailing list archives

Re: wmon16.exe


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Tue, 11 May 2004 07:31:11 +1200

"Jason High" <strongcypher () hotmail com> wrote:

I believe that I have a HUGE problem, and I can't find anything anywhere.  
Here are our symptoms:
<<snip>>
I am completely lost.  No removal tools have worked, no A/V is picking it 
up.  I've got about four hosts with these symptoms (so far) and I'm just 
unplugging network cables at this point.  Anyone with any pointers?

Further to Harlan's excellent advice, you would do well to forward such 
suspect files to your preferred AV developers' sample submission 
addresses.  To save you having to look them up, here is a list of such 
addresses for the better-known developers:

   Authentium (Command Antivirus)  <virus () authentium com>
   Computer Associates (US)        <virus () ca com>
   Computer Associates (Vet/EZ)    <ipevirus () vet com au>
   DialogueScience (Dr. Web)       <Antivir () dials ru>
   Eset (NOD32)                    <sample () nod32 com>
   F-Secure Corp.                  <samples () f-secure com>
   Frisk Software (F-PROT)         <viruslab () f-prot com>
   Grisoft (AVG)                   <virus () grisoft cz>
   H+BEDV (AntiVir, Vexira engine) <virus () antivir de>
   Kaspersky Labs                  <newvirus () kaspersky com>
   Network Associates (McAfee)     <virus_research () nai com>
     (use a ZIP file with the password 'infected' without the quotes)
   Norman (NVC)                    <analysis () norman no>
   Panda Software                  <labs () pandasoftware com>
   Sophos Plc.                     <support () sophos com>
   Symantec (Norton)               <avsubmit () symantec com>
   Trend Micro (PC-cillin)         <virus_doctor () trendmicro com>
     (Trend may only accept files from users of its products)


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854
