RE: Strange servicepack.exe file (not service.exe) found.

• Previous message: Ben Nelson: "Re: Need two files for testing"
• In reply to: Eric Chien: "Re: Strange servicepack.exe file (not service.exe) found."
• Next in thread: John Ives: "RE: Strange servicepack.exe file (not service.exe) found."
• Reply: John Ives: "RE: Strange servicepack.exe file (not service.exe) found."
• Reply: Harlan Carvey: "RE: Strange servicepack.exe file (not service.exe) found."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <incidents@securityfocus.com>
Date: Wed, 17 Dec 2003 17:15:02 -0000

Eric Chien wrote Wednesday, December 17, 2003 10:31

> --- Chip Mefford <cmefford@avwashington.com> wrote:
> > Running in the task manager on a windows 98 box on our lan. The
> > machine was misbehaving badly yesterday
> [cut]
> > I've posted the file "servicepack.exe" in zipped and tarred formats
> > both at this url.
>
> This is a variant of RapidBlaster. See
> http://securityresponse.symantec.com/avcenter/venc/data/dialer
> .rapidblaster.html

How fun is this, though - Symantec's response today says the file contains
no malicious code. So nothing ever happened on the machine that had to be
rebuilt. Hmmmm.
 
Of course the servicepack.exe file could have been a downloaded byproduct of
another infection on the affected machine.

> -----Original Message-----
> From: SecurityResponse@symantec.com
> [mailto:SecurityResponse@symantec.com]
> Sent: Wednesday, December 17, 2003 16:51
> To: Jim.Slora@phra.com
> Subject: [CLOSING]: Symantec Security Response Automation:
> Tracking #3555918
>
>
> This message is an automatically generated reply. This
> system is designed to analyze and process virus submissions
> into the Symantec Security Response and cannot accept
> correspondence or inquiries.
> Please contact your Technical Support representative if more
> detailed information about your submission is required. Do
> not reply to this message.
>
> Below is a status update on your virus submission:
>
> Date: December 17, 2003
>
> Jim Slora
>
>
>
> Dear Jim Slora,
>
> We have analyzed your submission. The following is a report
> of our findings for each file you have submitted:
>
> filename: README.TXT
> machine: AVCAutomation:
> result: See the developer notes
>
> filename: servicepack.exe
> machine: AVCAutomation:
> result: See the developer notes
>
> Developer notes:
> README.TXT does not appear to contain malicious code.
> servicepack.exe contains no malicious code. It is used to
> access a pornographic service. It is safe to delete this file.
>
>
> Our automated system has performed an extensive analysis on
> the file(s) that you have submitted and found no evidence of
> malicious code. If you have additional evidence to suggest
> that a malicious program still resides in the file that was
> submitted to us, please contact Symantec Technical Support
> for assistance.
>
> Should you have any questions about your submission, please
> contact your regional technical support from the Symantec
> website and give them the tracking number in the subject of
> this message.
>
> --------------------------------------------------------------
> ---------
> This message was generated by Symantec Security Response automation.
>
> For USA:
> For electronic support options, Symantec provides On-Line
> Services at http://www.symantec.com/techsupp/
>
>
> --------------------------------------------
>

---------------------------------------------------------------------------
----------------------------------------------------------------------------

• Previous message: Ben Nelson: "Re: Need two files for testing"
• In reply to: Eric Chien: "Re: Strange servicepack.exe file (not service.exe) found."
• Next in thread: John Ives: "RE: Strange servicepack.exe file (not service.exe) found."
• Reply: John Ives: "RE: Strange servicepack.exe file (not service.exe) found."
• Reply: Harlan Carvey: "RE: Strange servicepack.exe file (not service.exe) found."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]