Re: Trojan horse Downloader.Generic.ML

From: Zvi Netiv (support_at_replace_with_domain.com)
Date: 06/21/05


Date: Tue, 21 Jun 2005 15:19:44 +0300


"Ron Reaugh" <ron-reaugh@worldnet.att.net> wrote:
> "Zvi Netiv" <support@replace_with_domain.com> wrote

[...]
> > I tend to agree with Ron, that the smoke is from a gun, but he failed to produce
> > evidence that will help expose that gun. Without it, what we have is nothing
> > more than the evidence that there were WMD in Iraq on the eve of the second Gulf
> > War. What we need is info on what creates the NULL file and how, and the way to
> > obtain it is by replicating its creation, under controlled conditions. Instead,
> > Ron is wasting his time (and ours) in reiterating already exhausted evidence.
>
> NO, AVG is my expert. AVG flagged it. AVG may have detected virus-like
> activity and/or now considers THAT file to be a nasty. AVG's report/flag IS
> the evidence.
> There is no evidence that AVG made an error. In fact all the evidence
> suggests that AVG performed admirably.

You certainly fooled me. I see now that I misunderstood your original post.
Quoting from:

"So where and how did this file C:\NULL that AVG claims is Trojan horse
Downloader.Generic.ML appear from? Was it really there since 5/5 but went
unnoticed ... OR did something penetrate all the firewalls and suddenly spawn
this file ... What likely happened here?"

Speaking of consistency and logic ... ;-)

Regards, Zvi

--
NetZ Computing Ltd. ISRAEL www.invircible.com www.ivi.co.il (Hebrew)
InVircible Virus Defense Solutions, ResQ and Data Recovery Utilities