Re: Netdetect.exe with backdoor? (ICQ)

[jonh () APAK CO UK (Jon Hadley)]

Indeed it is .... AVP isn't my usual virus scanner, I ran an old copy over
lunch to verify the previous post.

On another note, the contents of my inbox swelled considerably after
posting, with various Xmas holiday out-of-office replies ... lucky for some
.. wot's wrong with sticking a rule in to ignore list posts? ;oÞ

> -----Original Message-----
> From: Vladimir Dubrovin [SMTP:vlad () sandy ru]
> Sent: Monday, January 17, 2000 4:08 PM
> To:   Jon Hadley
> Cc:   VULN-DEV () SECURITYFOCUS COM
> Subject:      Re[2]: Netdetect.exe with backdoor? (ICQ)
>
> Hello Jon Hadley,
>
> 17.01.00 16:28, you wrote: Netdetect.exe with backdoor? (ICQ);
>
> J> Hi,
>
> J> AVP just gave me a post lunch break heart attack and reported the same
> J> Trojan infection for my older build of ICQ (again only downloaded from
> J> trusted sources). I assume, as Brad Griffin mentions, that AVP mistakes
> the
>
> This is well-known problem in one of old AVP virus bases releases, and
> this  fact  means  you didn't updated your bases for a few months. You
> are   at   high   risk   in   this   situation.   Update  bases  from
> ftp://ftp.avp.ru/updates or ftp://ftp.avp.ru/bases
>
> J> connection monitoring activities of Ndetect as Trojan activity.
>
> J> A quick search of various virus sites suggests that AVP is mistaking
> Ndetect
> J> for SubSeven, a 'fairly advanced' Trojan that uses ICQ / Email to
> notify the
> J> originator that the victim is online.
>
>
>
>
>   +=-=-=-=-=-=-=-=-=+
>   |Vladimir Dubrovin|
>   | Sandy Info, ISP |
>   +=-=-=-=-=-=-=-=-=+