Trojan horse Downloader.Generic.ML
From: Ron Reaugh (ron-reaugh_at_worldnet.att.net)
Date: 06/15/05
- Next message: Dale Richards: "Re: Do I block access from svchost to DHCP?"
- Previous message: Sue Thomas: "ISO 17799 News Relocates"
- Next in thread: Eric Parker: "Re: Trojan horse Downloader.Generic.ML"
- Reply: Eric Parker: "Re: Trojan horse Downloader.Generic.ML"
- Reply: Ron Reaugh: "Re: Trojan horse Downloader.Generic.ML"
- Reply: Jason Edwards: "Re: Trojan horse Downloader.Generic.ML"
- Reply: Jim Byrd: "Re: Trojan horse Downloader.Generic.ML"
- Reply: Roger Wilco: "Re: Trojan horse Downloader.Generic.ML"
- Maybe reply: Ron Reaugh: "Re: Trojan horse Downloader.Generic.ML"
- Reply: Zvi Netiv: "Re: Trojan horse Downloader.Generic.ML"
Date: Wed, 15 Jun 2005 16:32:36 GMT
It's the file C:\NULL
Suddenly, shortly after cold boot, my fully updated (WinUp) and patched W98se
PC reported the above noted infection. It's Grisoft free AVG with the
latest updates. This PC is also protected by ZoneAlarm, Belkin WiFi router
with firewall, SpyBot (resident). A normal Shutdown was done 12 hours
earlier with no indication of any problems. There are still no indications
of any problems EXCEPT that AVG claims it's found this trojan. There have
been no floppy operations/mounts, no CD operations/mounts and no downloads
and installs of anything since an hour before shutdown last night and now.
From the DOS prompt I can see a file C:\NULL that has a 5/5/05 date. Since
5/5 both a full manual AVG and Trend HouseCall 6 run have been done on this
PC finding nothing.
So where and how did this file C:\NULL that AVG claims is Trojan horse
Downloader.Generic.ML appear from? Was it really there since 5/5 but went
unnoticed by both AVG and Trend HouseCall 6 and then this morning AVG
suddenly downloaded a new definition file which started seeing this trojan?
OR did something penetrate all the firewalls and suddenly spawn this file
which AVG quickly recognized?
What likely happened here?
The operation I was in the middle of when AVG popped up was reading a
text-only, no-attachment NG message in OE 6.00.2800.1123.