[<prev] [next>] [day] [month] [year] [list]
Message-ID: <OFB81E4662.7E673394-ONC1256D94.0050EAF6@juliusbaer.com>
From: roman.kunz at juliusbaer.com (roman.kunz@...iusbaer.com)
Subject: Virus, whether the scanners say so or not?
hi scott,
MCAfee does but it says it's the "W32/Sdbot.worm.gen"
cheers
roman
----------------------------------------------
"Scott Phelps / Dreamwright Studios" <scottp@...amwright.com> said:
I just got this from a co-workers computer. I've run it against 4 virus
scanners I have around (after running each one's definition update) and
nothing recognized it.
It really looks like W32.HLLW.Moega
http://securityresponse.symantec.com/avcenter/venc/data/w32.hllw.moega.html
But Symantec says it should catch it, which it doesn't. It looks like the
thing has been on his machine for about a month, and he's on an open cable
connection (Symantec mentions a trojan in moega) so I would like to know
what the payload is. It's a larger file than what Symantec has listed for
moega also.
Anybody seen it, or have a scanner that recognizes it?
D R E A M W R I G H T S T U D I O S
Dreamwright.com - Web Design, Graphic Design, & Custom Software
Programming
704-548-8653 office/fax 1-866-47-MY-WEB
PO Box 480188 Charlotte, NC 28269
*****Disclaimer*****
This message is for the addressee only and may contain confidential or
privileged information. You must delete and not use it if you are not the
intended recipient. It may not be secure or error-free. All e-mail
communications to and from the Julius Baer Group may be monitored.
Processing of incoming e-mails cannot be guaranteed. Any views expressed
in this message are those of the individual sender. This message is for
information purposes only. All liability of the Julius Baer Group and its
entities for any damages resulting from e-mail use is excluded. US persons
are kindly requested to read the important legal information presented
after clicking here: http://www.juliusbaer.com/maildisclaimer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20030901/3f4fc8d7/attachment.html
Powered by blists - more mailing lists