Message-ID: <9E97F0997FB84D42B221B9FB203EFA27F0EC9B@dc1ms2.msad.brookshires.net>
Date: Fri Jun 3 15:41:53 2005
From: toddtowles at brookshires.com (Todd Towles)
Subject: (no subject)

This could be another bot running on the same filename, but here is
something I found on Google:

Norton Antivirus 2004 (vir def may-2005) reports wintcpmod.exe is infected
with W32.DSS.Trojan. The file was deleted and WinXP Sp2 works without
problems.

http://www.what-process.com/process-info.aspx?p=wintcpmod.exe.exe

> -----Original Message-----
> From: full-disclosure-bounces@...ts.grok.org.uk
> [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf
> Of andy mueller
> Sent: Friday, June 03, 2005 8:17 AM
> To: full-disclosure@...ts.grok.org.uk
> Subject: [Full-disclosure] (no subject)
>
>
>
> Hi people, I have had "wintcpmod" as well, so I submitted it
> to Norton Antivirus and they came back to me with this:
>
>
>
> We have analyzed your submission. The following is a report of our
> findings for each file you have submitted:
>
> filename: C:\WINDOWS\system32\wintcpmod.exe
> machine: ALIEN
> result: This file is infected with Backdoor.Trojan
>
> Developer notes:
> C:\WINDOWS\system32\wintcpmod.exe is a non-repairable threat. NAV with
> the latest rapidrelease definition detects this. Please delete this
> file and replace it if necessary. Please follow the instructions at the
> end of this email message to install the latest rapidrelease
> definitions.
>
>
>
> Symantec Security Response has determined that the sample(s) that you
> provided are infected with a virus, worm, or Trojan. We have created
> RapidRelease definitions that will detect this threat. Please follow the
> instructions at the end of this email message to download and install
> the latest RapidRelease definitions.
>
> Downloading and Installing RapidRelease Definition Instructions:
> 1. Open your Web browser. If you are using a dial-up connection, connect
> to any Web site, such as: http://securityresponse.symantec.com/
> 2. Click this link to the ftp site:
> ftp://ftp.symantec.com/public/english_us_canada/antivirus_definitions/norton_antivirus/rapidrelease/symrapidreleasedefsi32.exe.
> If it does not go to the site (this could take a minute or so if you
> have a slow connection), copy and paste the address into the address bar
> of your Web browser and then press Enter.
> 3. When a download dialog box appears, save the file to the Windows
> desktop.
> 4. Double-click the downloaded file and follow the prompts.
> ----------------------------------------------------------------------
> This message was generated by Symantec Security Response automation
>
> Should you have any questions about your submission, please contact
> our regional technical support from the Symantec website
> (http://www.symantec.com/techsupp/)
> and give them the tracking number in the subject of this message.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>