Re: Trojan horse Downloader.Generic.ML

From: Ron Reaugh (ron-reaugh_at_worldnet.att.net)
Date: 06/16/05


Date: Wed, 15 Jun 2005 23:43:34 GMT


"mhicaoidh" <®êmõvé_mhic_aoidh@hotÑîXmailS­PäM.com> wrote in message
news:1u2se.53808$x96.41190@attbi_s72...
> Taking a moment's reflection, Ron Reaugh mused:
> |
> | NO, I'm not doubting AVG at all. The file c:\null didn't belong
> | there and came from some unknown source and I assume that in fact is
> | a trojan. What I can't understand is how and when it got there
> | unnoticed until this AM??
>
> My guess would be that when it was put there, AVG didn't have a
> definition for it. Sometime between now and then, the definition was
> added, and now AVG can detect it. It could also be a false positive.

My thinking exactly. c:\null IS a foreign and uninvited file so it's not a
false positive even if the file contains all binary zeroes<g>.

My understanding is that actually encountering something before one's virus
checker has it in the def file is a rather unusual occurrence. HOWEVER also
my understanding is that between a virus checker (AVG), SpyBot and ZoneAlarm
that nothing should be able to arbitrarily go out and put some file named
c:\null in the root directory regardless of any def file entry. Am I
missing something here?


