| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <dfk683$7hg$1@sea.gmane.org>
Date: Tue Sep 6 14:45:33 2005
From: davek_throwaway at hotmail.com (Dave Korn)
Subject: Re: Shell32.dll.124.config
> ----- Original Message -----
> From: "y0himba"
> Sent: Monday, September 05, 2005 4:33 PM
>> Yes I am a "noob". I have a question though. Google searches and a
>> few other things can tell me nothing about "shell32.dll.124.config". I
>> am on WindowsXP SP2, and keep seeing this file show up in antivirus
>> scans, but cannot find it anywhere on the system! I think it is
>> dynamically created by something, but after sitting and watching Filemon
>> 7.02 for 20 minutes or so, I give up. Has anyone heard of this file?
>> Antivir, Bitdefender, AVG and Clam all show it on the system, have
>> scanned it, but have found nothing. I have never seen this file before...
----Original Message----
>From: Morning Wood
>Message-Id: BAY19-DAV10034B5749FF0FE3BCF10ED9A70@....gbl
> sounds like an ADS ( alternate data stream )
No it doesn't. ADS filenames have a ':' as a separator. That name only
has dots in it and so is not an ADS. It is part of some kind of known
malware:
http://forums.spywareinfo.com/index.php?showtopic=7447&st=15
I guess y0himba's AV is detecting the attempt to access this file as
suspicious whether or not it actually exists, but he forgot to mention
anything about what the AV actually _says_ about it. y0himba, next time
you're reporting an error message, how about actually quoting the text, huh?
cheers,
DaveK
--
Can't think of a witty .sigline today....
Powered by blists - more mailing lists