Re: IRC Packets being generated. Dont know where from...

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 04/29/05 

Date: Fri, 29 Apr 2005 13:43:38 -0400

From: "Lawrence Abrams" <grinler-AT=bleepingcomputer.com>

| Its probably a new rbot or sdbot loading as the service:
|
| Remote Administrator Service
|
| Explorer.exe is always in the %WinDir% and not %System%. Can you submit
| C:\WINNT\system32\explorer.exe for analysis at
| http://www.bleepingcomputer.com/submit-malware.php for analysis? I am
| pretty sure it is that file though.
|
| Also for future use, those automated HJT scanners are not wise to use. They
| give too many false positives.
|
| --
| Lawrence Abrams
| MS MVP Windows-Security
| http://www.bleepingcomputer.com

Please explain the intentions of bleepingcomputer.com when it comes to what happens top
submittals. At least when a file is submitted to Virus Total the submission is shared with
the 18 AV vendors whose scanners test the file. 

-- 
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm