Re: wmon16.exe

From: Willem Tahon (tahon_at_un.org)
Date: 05/11/04

  • Next message: Harlan Carvey: "Re: wmon16 follow-up"

    To: nick@virus-l.demon.co.uk
    Date: Mon, 10 May 2004 18:13:24 -0400


    Also keep in mind that some of the AV developers require specific handling
    of viruses (e.g. password-protected zipping) before sending them.

    From: Nick FitzGerald <nick@virus-l.demon.co.uk>
    Date: 10/05/2004 03:31 PM
    Please respond to: nick
    To: incidents@securityfocus.com
    cc:
    Subject: Re: wmon16.exe

    "Jason High" <strongcypher@hotmail.com> wrote:

    > I believe that I have a HUGE problem, and I can't find anything anywhere.

    > Here are our symptoms:
    <<snip>>
    > I am completely lost. No removal tools have worked, no A/V is picking it

    > up. I've got about four hosts with these symptoms (so far) and I'm just
    > unplugging network cables at this point. Anyone with any pointers?

    Further to Harlan's excellent advice, you would do well to forward such
    suspect files to your preferred AV developers' sample submission
    addresses. To save you having to look them up, here is a list of such
    addresses for the better-known developers:

       Authentium (Command Antivirus) <virus@authentium.com>
       Computer Associates (US) <virus@ca.com>
       Computer Associates (Vet/EZ) <ipevirus@vet.com.au>
       DialogueScience (Dr. Web) <Antivir@dials.ru>
       Eset (NOD32) <sample@nod32.com>
       F-Secure Corp. <samples@f-secure.com>
       Frisk Software (F-PROT) <viruslab@f-prot.com>
       Grisoft (AVG) <virus@grisoft.cz>
       H+BEDV (AntiVir, Vexira engine) <virus@antivir.de>
       Kaspersky Labs <newvirus@kaspersky.com>
       Network Associates (McAfee) <virus_research@nai.com>
         (use a ZIP file with the password 'infected' without the quotes)
       Norman (NVC) <analysis@norman.no>
       Panda Software <labs@pandasoftware.com>
       Sophos Plc. <support@sophos.com>
       Symantec (Norton) <avsubmit@symantec.com>
       Trend Micro (PC-cillin) <virus_doctor@trendmicro.com>
         (Trend may only accept files from users of its products)

    --
    Nick FitzGerald
    Computer Virus Consulting Ltd.
    Ph/FAX: +64 3 3529854
    

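The "password-protected zipping" that the reply above says some AV labs require, worked through as an added example; this is not code from the original thread or from any of the vendors listed. It assumes a POSIX shell with Info-ZIP's zip/unzip and coreutils sha256sum installed, uses the password 'infected' that the list gives for McAfee (the same convention most labs accept), and the file named wmon16.exe below is a constructed harmless placeholder standing in for the real suspect binary. The manifest of SHA-256 hashes is added so the lab can match the sample against what it already has; the ZIP password offers no secrecy, it only stops mail gateways and desktop scanners from stripping or quarantining the attachment on the way.

```shell
#!/bin/sh
# Added example, not from the original post: package suspect files for an AV
# sample-submission address as a ZIP encrypted with the conventional password
# "infected", plus a manifest of hashes. Assumes zip/unzip and sha256sum exist.
# The sample file content and name in demo() are constructed for the demo.

set -eu

# Print the SHA-256 of a file (hash only, no file name).
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# Write a tab-separated manifest (name, size in bytes, SHA-256) to $1 for
# every file that follows, so the lab can confirm what it received.
write_manifest() {
    manifest=$1; shift
    : > "$manifest"
    for f in "$@"; do
        printf '%s\t%s\t%s\n' "$(basename "$f")" \
            "$(wc -c < "$f" | tr -d ' ')" "$(sha256_of "$f")" >> "$manifest"
    done
}

# Build $outdir/samples.zip holding the given files and manifest.txt, encrypted
# with the password 'infected'. Returns non-zero if zip is missing or the
# finished archive does not verify with that password.
package_samples() {
    outdir=$1; shift
    command -v zip >/dev/null 2>&1 || { echo "zip not installed" >&2; return 2; }
    write_manifest "$outdir/manifest.txt" "$@"
    # -j drops directory paths; -P sets the (weak, but conventional) ZIP password.
    zip -q -j -P infected "$outdir/samples.zip" "$@" "$outdir/manifest.txt"
    # Open the archive the way the lab will, to catch a typo in the password.
    unzip -q -t -P infected "$outdir/samples.zip" >/dev/null
}

# Demo: a constructed stand-in for the suspect binary (NOT real malware).
demo() {
    work=$(mktemp -d)
    printf 'constructed placeholder standing in for wmon16.exe\n' > "$work/wmon16.exe"
    package_samples "$work" "$work/wmon16.exe"
    echo "$work/samples.zip"
}
```

Run demo to get the path of a ready-to-attach archive; keep the manifest contents in the body of the mail as well, since a lab that already has the sample by hash can answer without opening the attachment.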
