Open Source and information security mailing list archives
 
Message-ID: <200309010908880.SM01020@genero>
From: scottp at dreamwright.com (Scott Phelps / Dreamwright Studios)
Subject: Virus, whether the scanners say so or not?



I just got this from a co-worker's computer. I've run it against 4 virus
scanners I have around (after running each one's definition update) and
nothing recognized it.

It really looks like W32.HLLW.Moega
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.moega.html

But Symantec says it should catch it, which it doesn't. It looks like the
thing has been on his machine for about a month, and he's on an open cable
connection (Symantec mentions a trojan in moega) so I would like to know
what the payload is. It's a larger file than what Symantec has listed for
moega also.

Anybody seen it, or have a scanner that recognizes it?


D  R  E  A  M  W  R  I  G  H  T    S  T  U  D  I  O  S                  
Dreamwright.com  - Web Design, Graphic Design, & Custom Software Programming
704-548-8653 office/fax  1-866-47-MY-WEB
PO Box 480188   Charlotte, NC 28269
 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: wupdated.zip
Type: application/x-zip-compressed
Size: 27042 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030901/5b0bce7d/wupdated.bin
