RE: [Full-disclosure] Re: Shell32.dll.124.config
From: y0himba (y0himba_at_technolounge.org)
To: <email@example.com>
Date: Tue, 6 Sep 2005 09:53:30 -0400
If you would have read the message, I stated that it showed up in scans but
could not be found on the system. If you must have the exact text from the
9/6/2005,9:37:59 WARNING: AVGuard detected a problem in the file
INFO: The access to the file has been denied!
If the information had contained something helpful, I would have posted it.
Also, to keep the messages to a smaller size, I didn't post the text from
Filemon. I am quite sure that folks are smart enough to ask for the
information if they need it.
Thank you for the link! :) Good reading although my computer is
experiencing none of the symptoms listed.
[mailto:firstname.lastname@example.org] On Behalf Of Dave Korn
Sent: Tuesday, September 06, 2005 9:40 AM
Subject: [Full-disclosure] Re: Shell32.dll.124.config
> ----- Original Message -----
> From: "y0himba"
> Sent: Monday, September 05, 2005 4:33 PM
>> Yes I am a "noob". I have a question though. Google searches and a
>> few other things can tell me nothing about "shell32.dll.124.config".
>> I am on WindowsXP SP2, and keep seeing this file show up in antivirus
>> scans, but cannot find it anywhere on the system! I think it is
>> dynamically created by something, but after sitting and watching
>> 7.02 for 20 minutes or so, I give up. Has anyone heard of this file?
>> Antivir, Bitdefender, AVG and Clam all show it on the system, have
>> scanned it, but have found nothing. I have never seen this file before...
>From: Morning Wood
> sounds like an ADS ( alternate data stream )
No it doesn't. ADS filenames have a ':' as a separator. That name only
has dots in it and so is not an ADS. It is part of some kind of known
I guess y0himba's AV is detecting the attempt to access this file as
suspicious whether or not it actually exists, but he forgot to mention
anything about what the AV actually _says_ about it. y0himba, next time
you're reporting an error message, how about actually quoting the text, huh?
--
Can't think of a witty .sigline today....
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.10.18/90 - Release Date: 9/5/2005
--
No virus found in this outgoing message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.10.18/90 - Release Date: 9/5/2005
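The naming rule discussed in the thread (an NTFS alternate data stream is written `file:stream[:type]`, so a name containing only dots is an ordinary file name) can be checked mechanically. The following is an added example, not part of the original messages; the function names and the `C:\temp` sample paths are constructed for illustration, and only `shell32.dll.124.config` comes from the thread.

```python
import ntpath

DEFAULT_TYPE = "$DATA"  # stream type NTFS assumes when none is written


def split_stream(path):
    """Return (file_path, stream_name, stream_type) for a Windows path.

    stream_name is None when the name carries no stream suffix, and ""
    when it spells out the unnamed default stream (file::$DATA).
    """
    # ntpath.basename strips the drive ("C:") and directories first, so
    # the drive-letter colon is never mistaken for a stream separator.
    leaf = ntpath.basename(path)
    parts = leaf.split(":")
    if len(parts) == 1:
        return path, None, None
    if len(parts) > 3 or not parts[0]:
        raise ValueError("not a valid file:stream[:type] name: %r" % leaf)
    file_path = path[: len(path) - len(leaf)] + parts[0]
    stream_type = parts[2] if len(parts) == 3 and parts[2] else DEFAULT_TYPE
    return file_path, parts[1], stream_type


def is_ads(path):
    """True only when the path names a non-default (alternate) stream."""
    return bool(split_stream(path)[1])


# Constructed sample paths; only the first file name comes from the thread.
SAMPLES = [
    "shell32.dll.124.config",
    r"C:\temp\notes.txt:hidden",
    r"C:\temp\notes.txt:hidden:$DATA",
    r"C:\temp\notes.txt::$DATA",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print("%-34s ads=%-5s %r" % (sample, is_ads(sample), split_stream(sample)))
```

A single-letter file name followed by a colon (for example `a:stream`) is parsed as a drive prefix, which matches how Windows itself resolves that spelling.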