Re: How did I get this?

From: Bigbruva (Richardh_at_dontusethis.ws)
Date: 02/23/05 

Date: Wed, 23 Feb 2005 13:04:38 -0800

I don't have any experience with XoftSpy but I am curious as to why your
anti-spyware scanner found a mass-mailing worm but your AV app didn't!

Did you see any of the behaviors of this worm on your machine or did you
only see the notification from Xoftspy?
This could have been a false positive.

BB

"t.cruise" <t__cruise@[NoSpam]hotmail.com> wrote in message
news:OtDNyleGFHA.3648@TK2MSFTNGP09.phx.gbl...
>I have a decent firewall, an antivirus program with updated definitions,
>and practice very
> safe Internet (Road Runner connection) surfing. I don't use a preview
> pane In Outlook
> Express, don't accept Active AX from any site, and don't open email
> attachments unless
> I've looked at the source code in text first with my text only email
> monitor. I'd been
> using Ad-Aware SE, but switched to Xoftspy. Yesterday an XoftSpy drive
> scan found the
> W32.Coflop@mm worm on my system. It was not there two days earlier. When
> I read the
> details about the worm at SARC, it says that it's delivered by email. I
> hadn't opened any
> email attachments, or any HTML email with scripts. I am the only person
> who uses this
> system. My firewall is running fine. Would someone please give me an
> idea as to how this
> worm might have gotten on my system, and what sort of precautions I can
> take, other than
> those that I have already, to avoid more infections?
> --
>
> T.C.
> t__cruise@[NoSpam]hotmail.com
> Remove [NoSpam] to reply
>
>
>

Relevant Pages

  • Re: How did I get this?
    ... > I have a decent firewall, an antivirus program with updated definitions, and practice very ... > safe Internet surfing. ... > details about the worm at SARC, it says that it's delivered by email. ... > email attachments, or any HTML email with scripts. ...
    (microsoft.public.security.virus)
  • How did I get this?
    ... I have a decent firewall, an antivirus program with updated definitions, and practice very ... I don't use a preview pane In Outlook ... Express, don't accept Active AX from any site, and don't open email attachments unless ... W32.Coflop@mm worm on my system. ...
    (microsoft.public.security.virus)
  • Re: How did I get this?
    ... None of the registry entries which the worm should have caused were there. ... I was also curious as to why my antivirus program didn't catch it. ... and when it was cleaned with XoftSpy the system ran fine again. ... >> email attachments, or any HTML email with scripts. ...
    (microsoft.public.security.virus)
  • Re: How did I get this?
    ... The submission will then be tested against several different AV vendor's scanners. ... | None of the registry entries which the worm should have caused were there. ... They were NOT false positives. ... That system was exhibiting | symptoms, and when it was cleaned with XoftSpy the system ran fine again. ...
    (microsoft.public.security.virus)
  • Re: How did I get this?
    ... > I am aware that XoftSpy is NOT an antivirus program. ... >>| details about the worm at SARC, it says that it's delivered by email. ... >>| email attachments, or any HTML email with scripts. ...
    (microsoft.public.security.virus)