Message-ID: <32871003F0BDC84E99E69EB6E9AE3AB410E92E@HQ-MAIL>
From: pdonahue at acmicorp.com (Donahue, Pat)
Subject: Where to submit a suspected trojan or virus?
Hi Scenobro,
I've had success sending the file to McAfee's AVERT WebImmune
(http://www.webimmunite.net). You can register as a new user and submit
through the web interface, or you can simply e-mail the file to
virus_research@....com. I'd recommend registering as they will provide
you with the scan result immediately. Additionally, if you use McAfee,
they will provide you with updated virus definition files to clean the
machine.
Best of luck,
Pat
-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Kyle
Maxwell
Sent: Friday, September 03, 2004 12:23 PM
To: Scenobro
Cc: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] Where to submit a suspected trojan or
virus?
On Fri, 03 Sep 2004 06:00:27 +0200, Scenobro <scenobro@...cali.it>
wrote:
> I found an explorer.exe in my system32 folder which I believe takes
> precedence over the real explorer.exe located in c:\windows.
> It's a 92K file that seems to be a visual basic program. Among the
> strings contained in it there is a "C:\TestDL.exe" which I didn't find
> on my disk and a url "http://www.getupdate.com/TestDownload.exe" which
> doesn't exist. (the home page of that site is a textfile containing
> only "SB2").
> I sent the file to virustotal.com and they found nothing.
> Where can I send this file for analysis?
The Internet Storm Center also has a malware analysis group, and they
coordinate with the major AV vendors; you can submit the file and
relevant information at http://isc.sans.org/contact.php or via email to
isc@...s.org (I think).
--
Kyle Maxwell
[krmaxwell@...il.com]
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html