Re: strange software > winsupdater.exe
From: Nick FitzGerald (nick_at_virus-l.demon.co.uk)
Date: 03/16/05
- Previous message: Jim Harrison (ISA): "RE: strange software > winsupdater.exe"
- In reply to: SDA: "strange software > winsupdater.exe"
- Next in thread: Justin: "Re: strange software > winsupdater.exe"
- Reply: Justin: "Re: strange software > winsupdater.exe"
Date: Wed, 16 Mar 2005 12:53:27 +1300
To: incidents@securityfocus.com
SDA wrote:
> We are looking at an abnormal program named "winsupdater.exe" and we are
> having trouble installing antispyware software on the infected computers,
> and the antivirus is not detecting the malware.
> We were able to disable it manually through regedit, where it leaves a key entry
> in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run named
> "Microsoft Window Updater", but does anyone know if this is a new virus or
> spyware?
Filenames are all but totally useless for diagnosing malware, spyware
_AND_ the normal operation of a system.
If you suspect the file may be some (new) undesirable thing, send
copies to your preferred antivirus (and possibly other "security")
product developers asking them for an analysis and to add detection and
removal if it turns out that it really is "undesirable" by their
standard.
To save you looking them up, here are the suspect file submission
addresses for the better known antivirus engine developers:
Authentium (Command Antivirus) <virus@authentium.com>
Computer Associates (US) <virus@ca.com>
Computer Associates (Vet/EZ) <ipevirus@vet.com.au>
DialogueScience (Dr. Web) <Antivir@dials.ru>
Eset (NOD32) <sample@nod32.com>
F-Secure Corp. <vsamples@f-secure.com>
Frisk Software (F-PROT) <viruslab@f-prot.com>
Grisoft (AVG) <virus@grisoft.cz>
H+BEDV (AntiVir, Vexira engine) <virus@antivir.de>
Kaspersky Labs <newvirus@kaspersky.com>
Network Associates (McAfee) <virus_research@nai.com>
(use a ZIP file with the password 'infected' without the quotes)
Norman (NVC) <analysis@norman.no>
Panda Software <labs@pandasoftware.com>
Sophos Plc. <samples@sophos.com>
Symantec (Norton) <avsubmit@symantec.com>
Trend Micro (PC-cillin) <virus_doctor@trendmicro.com>
(Trend may only accept files from users of its products)
--
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3267092