RE: New Trojan
From: Matt Vaughan (mcv_at_OceanShipholdings.com)
Date: 10/27/03
- Previous message: Harlan Carvey: "RE: New Trojan"
- Maybe in reply to: Jay Castaldo: "New Trojan"
- Next in thread: Jay Castaldo: "Re: New Trojan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 27 Oct 2003 14:18:27 -0600 To: <incidents@securityfocus.com>
We use Trend Micro products, which support the scanning of streams.
-----Original Message-----
From: Chris Fussell [mailto:chrisfussell@hotmail.com]
Sent: Monday, October 27, 2003 12:28 PM
To: 'Jay Castaldo'; incidents@securityfocus.com
Subject: RE: New Trojan
FWIW, after seeing this thread, I got nervous and looked at my virus
scanner and discovered that there is an option to scan ADS, which I
quickly enabled and re-scanned my machine. I am using CA eTrust
Antivirus... I'm not sure if other products support the same.
- Chris
-----Original Message-----
From: Jay Castaldo [mailto:fupayme2003@hotmail.com]
Sent: Sunday, October 26, 2003 8:28 AM
To: incidents@securityfocus.com
Subject: Re: New Trojan
In-Reply-To: <5.1.0.14.0.20031026114925.00ae1980@pop.netspace.net.au>
Thanks for all the help everybody, I have definately learned something
new today about the good old Windows systems and NTFS. I'm just very
curious how it got on my computer to begin with, but on to the fix
action. I was so mind boggled and bothered about this on my machine, I
almost (keyword) reloaded my entire machine, but as somebody mentioned
earlier about a rundll command and walla done. I can't believe it was
that simple. The funny thing about it, no anti viral tools or anti
trojan tools would work period just because I think as somebody already
stated it was using an ADS which apparently is a great way to hide new
trojans on any NTFS machine. This forum is by far a great tool to learn
something new everyday and I definately have learned something. Thank
you for all your input.
------------------------------------------------------------------------
--- Network with over 10,000 of the brightest minds in information security at the largest, most highly-anticipated industry event of the year. Don't miss RSA Conference 2004! Choose from over 200 class sessions and see demos from more than 250 industry vendors. If your job touches security, you need to be here. Learn more or register at http://www.securityfocus.com/sponsor/RSA_incidents_031023 and use priority code SF4. ------------------------------------------------------------------------ ---- ------------------------------------------------------------------------ --- Network with over 10,000 of the brightest minds in information security at the largest, most highly-anticipated industry event of the year. Don't miss RSA Conference 2004! Choose from over 200 class sessions and see demos from more than 250 industry vendors. If your job touches security, you need to be here. Learn more or register at http://www.securityfocus.com/sponsor/RSA_incidents_031023 and use priority code SF4. ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Network with over 10,000 of the brightest minds in information security at the largest, most highly-anticipated industry event of the year. Don't miss RSA Conference 2004! Choose from over 200 class sessions and see demos from more than 250 industry vendors. If your job touches security, you need to be here. Learn more or register at http://www.securityfocus.com/sponsor/RSA_incidents_031023 and use priority code SF4. ----------------------------------------------------------------------------
- Previous message: Harlan Carvey: "RE: New Trojan"
- Maybe in reply to: Jay Castaldo: "New Trojan"
- Next in thread: Jay Castaldo: "Re: New Trojan"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
