Re: AIM Send out random messages
From: PA Bear (PABearMVP_at_gmail.com)
Date: Thu, 19 May 2005 16:21:27 -0400
The filenames which Oscarbot & variants drop are constantly morphing. At
this point, AV and anti-malware teams can't keep up with them all so no,
scanning with other AVs aren't likely to offer better results (but YMMV).
See the "Oscarbot The Grouch" story I linked to earlier.
-- ~Robear Dyer (PA Bear) MS MVP-Windows (IE/OE) & Security asdf wrote: > thank you all for awesome replies. However do you have any idea why would > mcafee with the latest definitions not be able to detect the problem? > Will scanning with norton, kaspersky would be more successful? > > > "PA Bear" <PABearMVP@gmail.com> wrote in message > news:OvkhH8CXFHA.2980@TK2MSFTNGP10.phx.gbl... >> W32/Oscarbot & variants (which are multiplying exponentially) >> http://www.google.com/search?hl=en&q=oscarbot >> >> For a sample of what you're in for, see "Oscarbot The Grouch" at >> http://aumha.org/elist.cgi >> >> Checking for/Help with Hijackware & (Trojans like Oscarbot) >> http://aumha.org/a/parasite.htm >> http://aumha.org/a/quickfix.htm >> http://aumha.net/viewtopic.php?t=5878 >> http://mvps.org/winhelp2002/unwanted.htm >> http://inetexplorer.mvps.org/data/prevention.htm >> http://inetexplorer.mvps.org/data/tshoot.htm >> http://www.mvps.org/sramesh2k/Malware_Defence.htm >> http://defendingyourmachine.blogspot.com/ >> >> Meanwhile, forbid the use of AIM on *any* machine. Keep seeking and >> installing McAfee updates (i.e., several times a day) and scanning. >> -- >> ~Robear Dyer (PA Bear) >> MS MVP-Windows (IE/OE) & Security >> >> >> >> >> asdf wrote: >>> people on our network seem to be affected with a weird security problem. >>> Their >>> AIM's are sending out random messages to their buddies. Scanned entire >>> network >>> with Mcafee and all the spyware removers. All the critical updats are >>> installed. >>> Also tried upgrading to the latest version of AIM but that didnt help. >>> THey dont have firewall on their network just ACLs on their router. >>> Any other ideas on how to approach this problem